firewall-authentication (Security)
Syntax
firewall-authentication {
mtls-profile profile-name;
mtls-profile-fallback-password;
traceoptions (Security Firewall Authentication) {
flag (all | authentication | proxy) {
}
}
}
Hierarchy Level
[edit security]
Description
Enabling tracing can adversely impact scale and performance and may increase security risk. We strongly recommend using the trace, tracing, or traceoptions commands only under the guidance of a JTAC support engineer. After collecting the debug information, immediately disable tracing to minimize risk and restore normal system performance.
Defines the type of firewall authentication available for a logical system. Also specifies the data plane firewall authentication tracing options.
Options
-
mtls-profile—Enable passwordless user authentication based on client/server certificate validation using a public/private key. -
mtls-profile-fallback-password—Enable user authentication with mTLS and fallback to standard login when it fails. -
flag—Trace operation to perform. To specify more than one trace operation, include multiple flag statements.-
all—Enable all tracing operations. -
authentication—Trace data-plane firewall authentication events. -
proxy—Trace data-plane firewall authentication proxy events.
-
detail—Display moderate amount of data.extensive—Display extensive amount of data.terse—Display minimum amount of data.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5.