firewall-authentication (Security Policies)
Syntax
firewall-authentication {
pass-through {
access-profile profile-name;
client-match user-or-group-name;
ssl-termination-profile profile-name;
web-redirect;
web-redirect-to-https;
auth-only-browser
auth-user-agent
}
push-to-identity-management
user-firewall {
access-profile profile-name;
domain domain-name
ssl-termination-profile profile-name;
web-redirect;
web-redirect-to-https;
auth-only-browser
}
web-authentication {
client-match user-or-group-name;
}
}
Hierarchy Level
[edit security policies from-zone zone-name to-zone zone-name policy policy-name then permit]
Description
Configure firewall authentication methods.
Options
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5.
Support added for the user-firewall option in Junos
OS Release 12.1X45-D10.
Support for the ssl-termination-profile and web-redirect-to-https options added on SRX5600 and SRX5800
Services Gateways starting from Junos OS Release 12.1X44-D10, on SRX5400
devices starting from 12.1X46-D10, and on vSRX, SRX300, SRX320, SRX340,
SRX345, SRX380, SRX550M, and SRX1500 Services Gateways starting from
Junos OS Release 15.1X49-D40.
Starting with Junos OS Release 15.1X49-D70 and Junos OS Release
17.3R1, support for the web-redirect and web-redirect-to-https options under user-firewall added on SRX300, SRX320,
SRX340, SRX345, SRX380, SRX550M, SRX1500, SRX4100, SRX4200, SRX5400,
SRX5600, and SRX5800 devices and vSRX Services Gateways.
Starting with Junos OS Release 15.1X49-D90 and Junos OS Release
17.3R1, support for the auth-only-browser option was added
under pass-through and user-firewall and the auth-user-agent option was added under pass-through auth-only-browser on SRX300, SRX320, SRX340, SRX345, SRX380, SRX550M, SRX1500, SRX4100,
SRX4200, SRX5400, SRX5600, and SRX5800 devices and vSRX Services Gateways.
Starting with Junos OS Release 15.1X49-D90 and Junos OS Release
17.3R1, support for the auth-only-browser option was added
under pass-through and user-firewall and the auth-user-agent option was added under pass-through auth-only-browser on SRX300, SRX320, SRX340, SRX345, SRX380, SRX550M, SRX1500, SRX4100,
SRX4200, SRX5400, SRX5600, and SRX5800 devices and vSRX Services Gateways.
Starting with Junos OS Release 15.1X49-D100 and Junos OS Release 17.3R1,
support was added for push-to-identity-management.