Screen OS

  • 1.  Allow list of IPs to access Internet without Authentication

    Posted 08-04-2009 07:29

    I've got a Netscreen-50 Firewall running firmware version 5.3.0r3.0.

    We've got it set up to require authentication with the firewall to allow our clients to access the internet.  This is fine for 95% of our clients, but for several servers it requires additional actions just to log into the firewall so the server can access the internet.

    Currently we're using the local database for Auth (I'd like to get it over to an LDAP or RADIUS server, but that's another post...).  Is there a way to list IPs of the various servers that would eliminate the requirement to Authenticate with the firewall to access the internet?

    Thanks,

    Tommy



  • 2.  RE: Allow list of IPs to access Internet without Authentication
    Best Answer

    Posted 08-04-2009 07:59

    Why not put the addresses you want to exclude into an address group and then make a separate policy above your current one that invokes that auth? In that policy, refer to the group and just allow whatever access without auth 1st.
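
Why the exemption policy has to sit above the auth policy, as an added example that is not part of the original thread: a small Python model of first-match policy lookup over constructed ScreenOS-style `set` lines. The address names, IPs and policy ids are assumptions, and the model assumes policies are evaluated in the order they are listed.

```python
import ipaddress
import shlex

# Constructed sample config; names, IPs and policy ids are assumptions.
# Policy 20 (no auth, server group only) is listed above policy 1 (auth for everyone).
CONFIG = '''
set address "Trust" "srv-backup" 192.168.1.10/32
set address "Trust" "srv-update" 192.168.1.11/32
set group address "Trust" "NoAuth-Servers" add "srv-backup"
set group address "Trust" "NoAuth-Servers" add "srv-update"
set policy id 20 from "Trust" to "Untrust" "NoAuth-Servers" "Any" "ANY" permit log
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit auth
'''

def parse(config):
    """Return (address book, address groups, policies in listed order)."""
    addrs, groups, policies = {}, {}, []
    for line in config.strip().splitlines():
        t = shlex.split(line)  # strips the double quotes around names
        if t[:2] == ["set", "address"]:
            addrs[t[3]] = ipaddress.ip_network(t[4])
        elif t[:3] == ["set", "group", "address"] and "add" in t:
            groups.setdefault(t[4], []).append(t[6])
        elif t[:3] == ["set", "policy", "id"]:
            # t[8] is the source address/group; t[11:] holds the action keywords
            policies.append({"id": int(t[3]), "src": t[8], "auth": "auth" in t[11:]})
    return addrs, groups, policies

def src_matches(name, ip, addrs, groups):
    """True if ip falls in the named address, group, or the built-in "Any"."""
    if name == "Any":
        return True
    members = groups.get(name, [name])
    return any(ip in addrs[m] for m in members if m in addrs)

def auth_required(config, src_ip):
    """First matching policy wins: return (policy id, auth flag), or None if nothing matches."""
    addrs, groups, policies = parse(config)
    ip = ipaddress.ip_address(src_ip)
    for p in policies:
        if src_matches(p["src"], ip, addrs, groups):
            return p["id"], p["auth"]
    return None

if __name__ == "__main__":
    for host in ("192.168.1.10", "192.168.1.50"):
        print(host, auth_required(CONFIG, host))
```

Running the same check with the two policy lines swapped shows the servers hitting the auth policy first, which is the situation the original poster started with.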



  • 3.  RE: Allow list of IPs to access Internet without Authentication

    Posted 08-06-2009 06:49

    Thanks for the suggestion.  I'm a bit new to configuring policies and such, but I was able to work with a coworker to implement a solution based on your suggestion.