ScreenOS Firewalls (NOT SRX)
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
Trusted Contributor
michael.saw
Posts: 819
Registered: ‎09-26-2011
0

Can SSG Firewall support 2FA for administrators?

[ Edited ]
Options

‎03-25-2012 09:33 PM - edited ‎03-25-2012 09:34 PM

Hi,

 

Can SSG Firewall support 2FA for administrators?

Anyone got the document/kb link to share?

 

Which 2FA do you or have you used before?

Thanks!

Michael
JNCIA-JUNOS, JNCIS-ENT, JNCIS-SEC
(CCNA, ACMP, ACFE, CISE)
"http://www.thechampioncommunity.com/"
CONNECT EVERYTHING. EMPOWER EVERYONE.
Share & Learn. Knowledge is Power.

"If there's a will, there's a way!"
Message 1 of 3 (280 Views)
 
Reply
Trusted Contributor
Gavrilo
Posts: 279
Registered: ‎07-14-2008
0

Re: Can SSG Firewall support 2FA for administrators?

Options

‎04-04-2012 05:47 AM

Yes it can

 

Configuring a SecurID Server

 

To configure a SecurID server to authenticate Auth and XAuth users with two-factor authentication.

 

Configure SecurID from Juniper WebUI:

 

Select Configuration | Auth | Auth-Servers, and then select New.

Give the server a Name for referencing.

Specify the IP/Domain Name.

If Define any additional backup servers in the Backup fields.

Specify what Account Types you want this server to authenticate.

Specify a source interface (do it in the Source Interface drop-down menu).

Make sure the SecurID server is selected and if necessary, change the default port and connection values under Authentication Port, Client Timeout, and Client Retry.

Make sure the Encryption Type you define on the firewall matches the one you configure the SecurID server to use (options are DES or SDI).

 

To restrict clients to only one login use the Use Duress option which must also be supported on the SecurID server.

 

From CLI:

 

Options in this example:

 

Server Name SecurID

IP/Domain Name 172.16.1.50

Account Types Auth, XAuth

Server Type SecurID

Encryption Type DES

 

Set the SecurID Server via the Juniper CLI:

 

set auth-server "SecurID" id 2

set auth-server "SecurID" server-name "172.16.1.50"

set auth-server "SecurID" account-type auth xauth

set auth-server "SecurID" type secured

save

 

Message 2 of 3 (225 Views)
 
Reply
Trusted Contributor
michael.saw
Posts: 819
Registered: ‎09-26-2011
0

Re: Can SSG Firewall support 2FA for administrators?

Options

‎04-04-2012 06:32 AM

Thanks, Gavrilo!
Thanks!

Michael
JNCIA-JUNOS, JNCIS-ENT, JNCIS-SEC
(CCNA, ACMP, ACFE, CISE)
"http://www.thechampioncommunity.com/"
CONNECT EVERYTHING. EMPOWER EVERYONE.
Share & Learn. Knowledge is Power.

"If there's a will, there's a way!"
Message 3 of 3 (221 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.