user-firewall

Syntax

Hierarchy Level

Description

Configure user role firewall authentication, and map the source IP address to the username and its associated roles (groups). The mapped data is written to the firewall authentication table for later retrieval by the user role firewall. The user role firewall uses the username and role information to determine whether to permit or deny a user's session or traffic.

For SAML-based firewall authentication, you can configure any of the following methods at the set security policies from-zone zone-name to-zone zone-name policy policy-name then permit firewall-authentication user-firewall hierarchy level:

  • access-profile, with either the web-redirect or the web-redirect-to-https command

  • access-profile, with both the web-redirect and the web-redirect-to-https commands

The system supports SAML-based firewall authentication only with push-to-identity-management. Configure push-to-identity-management.

Options

access-profile profile-name

Specify the name of the access profile to be used for authentication.

domain domain-name

Specify the name of the domain where firewall authentication occurs in the event that the Windows Management Instrumentation client (WMIC) is not available to get IP-to-user mapping for the integrated user firewall feature. The maximum length is 65 bytes.

ssl-termination-profile profile-name

For HTTPS traffic, specify the name of the SSL termination profile used for SSL offloading.

The remaining statements are explained separately. See CLI Explorer.
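The following audit script is an added example, not part of the Juniper documentation. It reads configuration in "display set" form, groups the user-firewall options by policy, and flags a domain value over the 65-byte limit stated above, as well as a redirect configured without an access-profile (every SAML method listed above pairs the two; treating the mismatch as a finding is this example's own choice). The zone, policy, profile and domain names in the sample are constructed.

```python
import re

MAX_DOMAIN_BYTES = 65  # limit stated for the domain option on this page
REDIRECTS = {"web-redirect", "web-redirect-to-https"}

# Matches one user-firewall option in "display set" form.
LINE = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
    r"then permit firewall-authentication user-firewall (\S+)(?: (\S+))?\s*$"
)

# Constructed sample configuration; every name here is invented.
P = ("set security policies from-zone trust to-zone untrust policy %s "
     "then permit firewall-authentication user-firewall %s")
SAMPLE = "\n".join([
    P % ("p1", "access-profile saml-prof"),
    P % ("p1", "web-redirect-to-https"),
    P % ("p1", "ssl-termination-profile ssl-term"),
    P % ("p2", "web-redirect"),
    P % ("p2", "domain " + "d" * 66),
])


def collect(config_text):
    """Group user-firewall options by (from-zone, to-zone, policy)."""
    policies = {}
    for line in config_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            src, dst, name, option, value = m.groups()
            policies.setdefault((src, dst, name), {})[option] = value
    return policies


def audit(config_text):
    """Return (policy, finding) pairs for the two checks described above."""
    findings = []
    for key, opts in sorted(collect(config_text).items()):
        label = "%s->%s/%s" % key
        domain = opts.get("domain")
        if domain is not None and len(domain.encode("utf-8")) > MAX_DOMAIN_BYTES:
            findings.append((label, "domain longer than 65 bytes"))
        if REDIRECTS.intersection(opts) and "access-profile" not in opts:
            findings.append((label, "redirect without access-profile"))
    return findings


if __name__ == "__main__":
    for policy, finding in audit(SAMPLE):
        print(policy, "-", finding)
```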

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 12.1X45-D10. Support for the domain keyword added in Junos OS Release 12.1X47-D10.