pass-through

Syntax

pass-through {access-profile profile-name ;client-match match-name ;web-redirect;}

Hierarchy Level

[edit security policies from-zone zone-name to-zone zone-name policy policy-name then permit firewall-authentication]

Release Information

Statement introduced in Release 8.5 of Junos OS.

Description

Configure pass-through firewall user authentication. The user needs to use an FTP, Telnet, or HTTP client to access the IP address of the protected resource in another zone. Subsequent traffic from the user or host is allowed or denied based on the result of this authentication. Once authenticated, the firewall proxies the connection.

Options

access-profile profile-name —(Optional) Name of the access profile.
client-match match-name —(Optional) Specify the name of the users or user groups in a profile who are allowed access by this policy. If you do not specify any users or user groups, any user who is successfully authenticated is allowed access.
web-redirect—(Optional) Enable redirecting an HTTP request to the device and redirecting the client system to a webpage for authentication. Including this statement allows users an easier authentication process because they need to know only the name or IP address of the resource they are trying to access.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.