07-04-2008 01:06 AM
1. Initiate HTTPS from browser – No authentication window.
2. Get auth table – No users in table.
3. After several attempts on HTTPS, we tried to initiate HTTP from browser – Authentication window received
4. Get auth table – One user was seen
07-04-2008 03:41 AM
Actually inline authentication (run time authentication) works for only telnet, ftp and http traffic. If u want to use inline authentication for other traffic like https, ssh etc. Do one thing make a service group, add all ur desired services (https, ssh) AND one or all three services (ftp, http, telnet) also in that service group. Use this service group in policy from untrust to trust. Now u can use inline authentication for https, ssh etc.
Please let me know this solves ur problem?
07-08-2008 09:29 PM
Kashif-rana is correct you can't do pop up authentication with HTTPS, adding http, telnet or ftp to the policy to authenticate the user is a work around, but it is not very secure are you are opening up a port that is not wanted through that policy.
As of 6.1 i believe that you can do redirect of unauthenticated traffic to a web auth address to authenticate the user and then allow them through the policy. This would be much cleaner as it means that you only need to open HTTPS through the policy. Have a look in the Concepts and Examples under authentication and web auth (Chapter 4 page 49).
I have not had a chance yet to try this so give it a go and let me know if it works.
Hope this helps
07-08-2008 11:04 PM
-Make service object for ur required services like https, ping but also for one or all of services (http, telnet, ftp) using the command:
set service https protocol tcp src-port 0-65535 dst-port 443 (for https)
set service ping protocol icmp (for ping)
set service http protocol tcp src-port 0-65535 dst-port 80 (for http)
-Make service group for all the services u created above
set group service "services-for-auth"
set group service "services-for-auth" add https
set group service "services-for-auth" add http
set group service "services-for-auth" add ping
-In policy which u created for authentication, edit that policy and in Service select the service group "services-for-auth" which u have created above.
Hope this helps
07-05-2012 10:51 PM
Anyone experienced this on SRX (Web Auth unable to pop-up)?
Is there any kb or doc links, to reference for troubleshooting purposes?