Hi,

Try to use the SSL WebAuth mecanism. There is a checkbox in your interface Menu ( SSL Only ) in order to do what you want. So authentication will be encrypted.

Hope this could help.

Sylvain 

Hi,

Why webauth is not working from untrust to trust?? Tell me what steps u took for configuring webauth? I vl guide u if i can to resolve the issue.

Actually inline authentication (run time authentication) works for only telnet, ftp and http traffic. If u want to use inline authentication for other traffic like https, ssh etc. Do one thing make a service group, add all ur desired services (https, ssh) AND one or all three services (ftp, http, telnet) also in that service group. Use this service group in policy from untrust to trust. Now u can use inline authentication for https, ssh etc.

Please let me know this solves ur problem?

Thanks 

Hi,

I know the run time authentication solution with telnet and ssh in the same policy. But in this case, it's mandatory that you run telnet session to the target server to authenticate on the firewall. After that, you can run a ssh session to the target server.

My problem is that the login credentials are sent clear when you run the telnet session !!!

For Webauth, I made lot of tests and I conclude that the webauth doesn't work when a webauth IP is added on an interface in a zone from untrust-vr.

example:

client(1.1.1.1/16)   ---WAN--->  2.2.2.200/24 (untrust-vr)| FW |(trust-vr) 192.168.0.200/24    ---LAN---> server(192.168.0.1/24) 

                                                webauth IP is 2.2.2.100

Hi,

I m sure webauth should work from untrsut to trust. What configurations step u follow?

Thanks

OK, I explain not very well!! The webauth works because access is granted. But!! the accesss to the target server (behind the firewall) doesn't work. My policy is well configured between the 2 zones and activated for webauth. So I don't understand!!

I tested a webauth IP on an interface (in trust-vr) and I applied a policy between 2 zones (in trust-vr) and it works very well. 

Hi Gdelmas,

Did you set the following :

- Route from Untrust VR to Trust VR in order to access to your ressource

- MIP ( or VIP ) in order to access to your server  from the internet ( i suppose your traffic comes from the web )

Hi sylvain,

My firewall is well configured. At this time, my client PC  can access to the target server without authentication.it doesn't works only when i want to make authentication on the firewall.

I think Netscreen prevent a webauth from an untrust-vr interface. The only way to authenticate is to use VPN client to site but Netscreen remote VPN is not free

Do someone knows a free VPN client able to work with Netscreen ?

Hi,

For free vpn connection check it http://kb.juniper.net/KB9529. I hope it solve ur problem

Thanks