ScreenOS Firewalls (NOT SRX)
Reply
Visitor
Pawel_Syc
Posts: 6
Registered: ‎11-09-2007
0

RADIUS Accounting support in policy authentication

Is the RADIUS Accounting supported in policy authentication (like WebAuth).
After some tests it looks like the RADIUS Accounting is working only with XAUTH (VPN's).
Juniper Employee
Juniper Employee
MR
Posts: 26
Registered: ‎11-06-2007
0

Re: RADIUS Accounting support in policy authentication

Unfortunately, radius accounting is not supported for web auth.
Contributor
pacmagsjfw
Posts: 27
Registered: ‎11-08-2007
0

Re: RADIUS Accounting support in policy authentication

We have a webmail server located in DMZ, public address. Is it support on Juniper to query the internal (trust zone) Domain Controller for username/password to authenticate users when they try to connect the webmail?
Visitor
Pawel_Syc
Posts: 6
Registered: ‎11-09-2007

Re: RADIUS Accounting support in policy authentication

When you define an Auth server you have to enter its IP address and select souce interface, so you can set connection to Auth server in any zone (also inside a VPN tunnel).
For Domain Controller you may use LDAP or install on any domain member server Internet Authentication Service (IAS) and use RADIUS between NetScreen and that server.
For authentication, you may use transparent authentication (Server Auth) inside the protocol HTTP (or FTP or Telnet) or if the connection to the WebMail is encrypted (SSL), you may use WebAuth for user authentication. When you set WebAuth as a authentication method, user have to connect first to WebAuth IP address and authenticate, then connect to the WebMail.
The credentials used for authentication to the firewall will not be passed to the WebMail server.
If you want to authenticate users transparently on gateway using SSL and pass credentials to WebMail you should use Secure Access instead of firewall for authentication.
You may then disable SSL on WebMail and freeing its CPU resources for emails instead of securing...
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.