ScreenOS Firewalls (NOT SRX)
Reply
Trusted Contributor
michael.saw
Posts: 1,048
Registered: ‎09-26-2011
0

Can SSG Firewall support 2FA for administrators?

[ Edited ]

Hi,

 

Can SSG Firewall support 2FA for administrators?

Anyone got the document/kb link to share?

 

Which 2FA do you or have you used before?

Thanks!

Michael
JNCIA-JUNOS, JNCIS-ENT/SEC, JNCIP-ENT
(CCNA, ACMP, ACFE, CISE)
"http://www.thechampioncommunity.com/"
CONNECT EVERYTHING. EMPOWER EVERYONE.
Share & Learn. Knowledge is Power.

"If there's a will, there's a way!"
Trusted Contributor
Gavrilo
Posts: 279
Registered: ‎07-14-2008
0

Re: Can SSG Firewall support 2FA for administrators?

Yes it can

 

Configuring a SecurID Server

 

To configure a SecurID server to authenticate Auth and XAuth users with two-factor authentication.

 

Configure SecurID from Juniper WebUI:

 

Select Configuration | Auth | Auth-Servers, and then select New.

Give the server a Name for referencing.

Specify the IP/Domain Name.

If Define any additional backup servers in the Backup fields.

Specify what Account Types you want this server to authenticate.

Specify a source interface (do it in the Source Interface drop-down menu).

Make sure the SecurID server is selected and if necessary, change the default port and connection values under Authentication Port, Client Timeout, and Client Retry.

Make sure the Encryption Type you define on the firewall matches the one you configure the SecurID server to use (options are DES or SDI).

 

To restrict clients to only one login use the Use Duress option which must also be supported on the SecurID server.

 

From CLI:

 

Options in this example:

 

Server Name SecurID

IP/Domain Name 172.16.1.50

Account Types Auth, XAuth

Server Type SecurID

Encryption Type DES

 

Set the SecurID Server via the Juniper CLI:

 

set auth-server "SecurID" id 2

set auth-server "SecurID" server-name "172.16.1.50"

set auth-server "SecurID" account-type auth xauth

set auth-server "SecurID" type secured

save

 

Trusted Contributor
michael.saw
Posts: 1,048
Registered: ‎09-26-2011
0

Re: Can SSG Firewall support 2FA for administrators?

Thanks, Gavrilo!
Thanks!

Michael
JNCIA-JUNOS, JNCIS-ENT/SEC, JNCIP-ENT
(CCNA, ACMP, ACFE, CISE)
"http://www.thechampioncommunity.com/"
CONNECT EVERYTHING. EMPOWER EVERYONE.
Share & Learn. Knowledge is Power.

"If there's a will, there's a way!"
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.