firewall-authentication (Security Policies)
Syntax
firewall-authentication {
pass-through {
access-profile profile-name;
client-match user-or-group-name;
ssl-termination-profile profile-name;
web-redirect;
web-redirect-to-https;
auth-only-browser
auth-user-agent
}
push-to-identity-management
user-firewall {
access-profile profile-name;
domain domain-name
ssl-termination-profile profile-name;
web-redirect;
web-redirect-to-https;
auth-only-browser
}
web-authentication {
client-match user-or-group-name;
}
}
Hierarchy Level
[edit security policies from-zone zone-name to-zone zone-name policy policy-name then permit]
Description
Configure firewall authentication methods.
On SRX Series Firewall, you must configure security policy with firewall-authentication at initial stage. When ssl-termination-profile is engaged with firewall-authentication in security policy, you can’t configure dynamic-application statement at [edit security policies from-zone zone-name to-zone zone-name policy policy-name match] hierarchy level.
Options
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5.
Support added for the user-firewall option in Junos OS Release 12.1X45-D10.
Support for the ssl-termination-profile and web-redirect-to-https options added on SRX5600 and SRX5800 Services Gateways starting from Junos OS Release 12.1X44-D10, on SRX5400 devices starting from 12.1X46-D10, and on vSRX Virtual Firewall, SRX300, SRX320, SRX340, SRX345, SRX380, SRX550M, and SRX1500 Services Gateways starting from Junos OS Release 15.1X49-D40.
Starting with Junos OS Release 15.1X49-D70 and Junos OS Release 17.3R1, support for the web-redirect and web-redirect-to-https options under user-firewall added on SRX300, SRX320, SRX340, SRX345, SRX380, SRX550M, SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, and SRX5800 devices and vSRX Virtual Firewall Services Gateways.
Starting with Junos OS Release 15.1X49-D90 and Junos OS Release 17.3R1, support for the auth-only-browser option was added under pass-through and user-firewall and the auth-user-agent option was added under pass-through auth-only-browser on SRX300, SRX320, SRX340, SRX345, SRX380, SRX550M, SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, and SRX5800 devices and vSRX Virtual Firewall Services Gateways.
Starting with Junos OS Release 15.1X49-D90 and Junos OS Release 17.3R1, support for the auth-only-browser option was added under pass-through and user-firewall and the auth-user-agent option was added under pass-through auth-only-browser on SRX300, SRX320, SRX340, SRX345, SRX380, SRX550M, SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, and SRX5800 devices and vSRX Virtual Firewall Services Gateways. Starting with Junos OS Release 15.1X49-D100 and Junos OS Release 17.3R1, support was added for push-to-identity-management.