Identity Aware Firewall

  • SAML-based firewall authentication (cSRX, SRX Series Firewalls, and vSRX 3.0)—You can authenticate users for firewall authentication through Security Assertion Markup Language (SAML)-based access profiles that use your organization's identity provider (IdP). This method generates SAML requests and processes SAML assertions, enhancing the security and flexibility of user authentication. The integration supports single sign-on (SSO) using the HTTP Redirect and HTTP POST SAML bindings, providing benefits such as improved security and reduced password management. To enable SAML-based captive portal authentication, include the access-profile profile-name statement at the set security policies from-zone zone-name to-zone zone-name policy policy-name then permit firewall-authentication user-firewall hierarchy level.

    To apply a default Secure Sockets Layer (SSL) termination profile, use the set access firewall-authentication user-firewall default-ssl-termination-profile default-ssl-termination-profile command. Enable this configuration to enforce security for all access profiles.

    [See user-firewall (Access Firewall-Authentication), default-ssl-termination-profile (Access), user-firewall, policy (Security Policies), SAML Authentication in Juniper Secure Connect, saml, and authentication-order (Access Profile).]
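
    Added example, not taken from the release notes or from Juniper: a Python check over a configuration exported in set format. It lists security policies that use firewall-authentication user-firewall without an access-profile and reports whether a default SSL termination profile is configured. Zone, policy and profile names in the sample are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample configuration in Junos "set" format; zone, policy and
# profile names are placeholders, not values from the release notes.
SAMPLE_CONFIG = """\
set access firewall-authentication user-firewall default-ssl-termination-profile ssl-term-1
set security policies from-zone trust to-zone untrust policy web-saml match application junos-https
set security policies from-zone trust to-zone untrust policy web-saml then permit firewall-authentication user-firewall access-profile saml-profile
set security policies from-zone guest to-zone untrust policy guest-web then permit firewall-authentication user-firewall
set security policies from-zone trust to-zone dmz policy plain then permit
"""

POLICY_RE = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
    r"then permit firewall-authentication user-firewall(?:\s+(.*))?$"
)
# Assumption: accept both "firewall-authentication" and "firewall authentication".
SSL_RE = re.compile(
    r"^set access firewall[- ]authentication user-firewall "
    r"default-ssl-termination-profile (\S+)$"
)

def audit(config_text):
    """Return ({(from_zone, to_zone, policy): access profile or None}, ssl_profile)."""
    policies, ssl_profile = {}, None
    for line in config_text.splitlines():
        line = " ".join(line.split())  # normalise whitespace
        m = SSL_RE.match(line)
        if m:
            ssl_profile = m.group(1)
            continue
        m = POLICY_RE.match(line)
        if not m:
            continue  # not a user-firewall authentication statement
        key = (m.group(1), m.group(2), m.group(3))
        policies.setdefault(key, None)
        prof = re.search(r"(?:^| )access-profile (\S+)", m.group(4) or "")
        if prof:
            policies[key] = prof.group(1)
    return policies, ssl_profile

def findings(config_text):
    policies, ssl_profile = audit(config_text)
    out = [f"{fz}->{tz} policy {p}: user-firewall without access-profile"
           for (fz, tz, p), prof in sorted(policies.items()) if prof is None]
    if policies and ssl_profile is None:
        out.append("no default-ssl-termination-profile for user-firewall")
    return out
```

    Calling findings() on the sample returns one entry, for the guest-web policy.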