Statement introduced in Junos OS Release 15.1X49-D90.
Configure firewall authentication to ignore non-browser HTTP/HTTPS traffic. This feature allows you to ensure that unauthenticated users issuing access requests through HTTP/HTTPS browsers are presented with a captive portal interface to allow them to authenticate. By default, firewall authentication responds to all HTTP/HTTPS traffic.
It can happen that non-browser HTTP/HTTPS services running in the background can trigger captive portal authentication, creating a race condition that suppresses presentation of the captive portal interface to the HTTP/HTTPS browser user.
When auth-only-browser is configured, non-browser HTTP traffic is dropped to allow for captive portal to be presented to unauthenticated users who request access using a browser.
You can use the auth-user-agent parameter alone for pass-through or user-firewall authentication or in conjunction with auth-only-browser.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.