Firewall Authentication
Junos OS supports the following two types of firewall user authentication:
- Pass-through authentication—A host or a user from one zone tries to access resources on another zone. You must use an FTP, Telnet, or HTTP client to access the IP address of the protected resource and to get authenticated by the firewall. The device uses FTP, Telnet, or HTTP to collect username and password information. Subsequent traffic from the user or host is allowed or denied based on the result of this authentication.
- Web authentication—Users try to connect, using HTTP, to an IP address on the device that is enabled for Web authentication; in this scenario, you do not use HTTP to get to the IP address of the protected resource. You are prompted for a username and password, which the device verifies. Subsequent traffic from the user or host to the protected resource is allowed or denied based on the result of this authentication.
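The following configuration is an added example, not part of the original page, showing the statements that distinguish the two methods when a local authentication server is used. The profile name, username, password, zone names, policy names, interface and addresses are constructed placeholders, and it assumes the zones, the interface's zone membership and host-inbound HTTP are already configured.

```junos
# Constructed example: all names, addresses and the password are placeholders.

# Local authentication server: one firewall user in an access profile.
set access profile FWAUTH-PROFILE client alice firewall-user password "EXAMPLE-PASSWORD"

# --- Pass-through authentication ---
# Profile used when a matching policy intercepts the user's connection.
set access firewall-authentication pass-through default-profile FWAUTH-PROFILE

# The user opens FTP, Telnet, or HTTP to the protected resource itself;
# the policy action makes the device prompt for credentials first.
set security policies from-zone trust to-zone dmz policy PASS-THROUGH match source-address any
set security policies from-zone trust to-zone dmz policy PASS-THROUGH match destination-address any
set security policies from-zone trust to-zone dmz policy PASS-THROUGH match application any
set security policies from-zone trust to-zone dmz policy PASS-THROUGH then permit firewall-authentication pass-through client-match alice

# --- Web authentication ---
# Profile used for logins made directly to the device.
set access firewall-authentication web-authentication default-profile FWAUTH-PROFILE

# The user browses to a dedicated address on the device (192.0.2.2 here),
# not to the protected resource. The first address is the interface's own.
set interfaces ge-0/0/1 unit 0 family inet address 192.0.2.1/24
set interfaces ge-0/0/1 unit 0 family inet address 192.0.2.2/24 web-authentication http
set system services web-management http interface ge-0/0/1.0

# Traffic to the protected resource is permitted only after that login succeeds.
set security policies from-zone trust to-zone dmz policy WEB-AUTH match source-address any
set security policies from-zone trust to-zone dmz policy WEB-AUTH match destination-address any
set security policies from-zone trust to-zone dmz policy WEB-AUTH match application any
set security policies from-zone trust to-zone dmz policy WEB-AUTH then permit firewall-authentication web-authentication client-match alice
```

A deployment would use one of the two policies for a given traffic match, not both. FTP, Telnet and HTTP carry the username and password unencrypted between the client and the device.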
Table 1 lists firewall authentication features that are supported on SRX Series and J Series devices.
Table 1: Firewall Authentication Support
Feature | SRX100 | SRX550 | SRX1400 | J Series |
---|---|---|---|---|
Firewall authentication on Layer 2 transparent authentication | Yes | Yes | Yes | No |
LDAP authentication server | Yes | Yes | Yes | Yes |
Local authentication server | Yes | Yes | Yes | Yes |
Pass-through authentication | Yes | Yes | Yes | Yes |
RADIUS authentication server | Yes | Yes | Yes | Yes |
SecurID authentication server | Yes | Yes | Yes | Yes |
Web authentication | Yes | Yes | Yes | Yes |