Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


web-authentication (Access)


Hierarchy Level


Specify that users go through the Web authentication process. The user uses HTTP or HTTPS to access an IP address on the device that is enabled for Web authentication. In this scenario, the user does not use HTTP or HTTPS to access the IP address of the protected resource. The user is prompted for a username and password, which are verified by the device. Subsequent traffic from the user or host to the protected resource is allowed or denied based on the results of this authentication. This method of authentication differs from pass-through authentication in that users need to access the protected resource directly after accessing the Web authentication IP address and being authenticated.


banner success;

Configure the banner that appears to users during the Web authentication process. The banner appears during login, after successful authentication, and after failed authentication.

default-profile profile-name

Specify the authentication profile to use if no profile is specified in a policy.

timeout seconds

Specify the timeout option in seconds.

If you do not specify a timeout value, and if the web authentication process takes more than 3 seconds, your browser may display invalid username and password, even though the username and password is correct. For example, when you type a username and password in a browser for authentication, SRX Series Firewall checks your account in the database, and after 3 seconds your web browser displays a message invalid username and password. However, after 10 seconds, SRX Series Firewall receives a response from the database that the user authentication is successful, but SRX Series Firewall could not notify you about successful authentication, due to 3 seconds timeout value. If you configure the timeout value from 5 through 60 seconds, then the browser waits for the SRX Series Firewall to respond for the specified time.

  • Default: 3 seconds

  • Range: 5 through 60 seconds

Required Privilege Level

access—To view this statement in the configuration.

access-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 8.5.

HTTPS for Web authentication is supported on SRX5400, SRX5600, and SRX5800 devices starting from Junos OS Release 12.1X44-D10 and on vSRX Virtual Firewall, SRX300, SRX320, SRX340, SRX345, SRX380, SRX550M, and SRX1500 Services Gateways starting from Junos OS Release 15.1X49-D40.

Option timeout introduced in Junos OS Release 15.1X49-D130.