Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level


Configure pass-through firewall user authentication. The user needs to use an FTP, Telnet, or HTTP client to access the IP address of the protected resource in another zone. Subsequent traffic from the user or host is allowed or denied based on the result of this authentication. Once authenticated, the firewall proxies the connection.


  • access-profile profile-name —(Optional) Specify the name of the access profile.

  • client-match user-or-group —(Optional) Specify the name of the users or user groups in a profile who are allowed access by this policy. If you do not specify any users or user groups, any user who is successfully authenticated is allowed access.

  • ssl-termination-profile profile-name —(Optional) Specify the SSL termination profile used for SSL offloading.

  • web-redirect—(Optional) Enable redirecting an HTTP request to the device and redirecting the client system to a webpage for authentication. Including this statement allows users an easier authentication process because they need to know only the name or IP address of the resource they are trying to access.

  • web-redirect-to-https—(Optional) Redirect unauthenticated HTTP requests to the internal HTTPS Web server of the device.


    If web-redirect-to-https is set, then you must specify the SSL termination profile used for SSL offloading.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 8.5. Support for ssl-termination-profile and web-redirect-to-https options added in Junos OS Release 12.1X44-D10.