Configuration Library

Web Authentication On SRX

‎11-05-2010 01:19 PM

Version: 10.x & above

Product : SRX

 

Valid for all types of traffic

The user should access the SRX directly using HTTP before a security policy allows him to access the resources

 

Step1 : enable HTTP access
root@SRX# set system services web-management http

(Also make sure that host inbound traffic on the interface allows http)


Step2 : Specify the web authentication IP address
root@SRX# set interfaces ge-0/0/0 unit 0 family inet address 1.1.1.2/24 web-authentication http

(The IP must be in the same subnet as the interface IP; recommended to be a secondary IP)

 

Step3 : Create access profile
root@SRX# set access profile profile1 client user1 firewall-user password XXXXXX  ( creates access profile )
root@SRX# set access firewall-authentication web-authentication default-profile profile1  ( associates access profile with authentication type = web authentication )

 

Step4 : Apply the web authentication profile on the policy

 

[edit security policies]
root@SRX# set from-zone eee to-zone trust policy untrust then permit firewall-authentication web-authentication client-match  user1


Step5 : Optional

root@SRX# set access firewall-authentication web-authentication banner success "login seccesful"
root@SRX# set access profile profile1 session-options client-idle-timeout <minutes>  ( default = 10 minutes )

 

 

 

 

 


Re: Web Authentication On SRX

‎11-28-2013 04:03 AM

Hi

 

I have a question about web-authentication with the web-redirect method. I configured web-authentication and it worked, but I am trying to do more than that by configuring pass-through with web-redirect. All the documents and articles I have read describe it as looking like web-authentication, except that it redirects you to the web-authentication page instead of you manually opening a new web page and using the secondary IP to do the authentication.

I configured pass-through and added the web-redirect command. When I try to open a web page nothing happens, but if I try using the telnet command, it requests firewall authentication.

So, have you tried this scenario and got positive results?

 

The below is the pass-through configuration with web-redirect:

 

# set system services web-management http

 

# set security zones security-zone untrust host-inbound-traffic system-services all
# set security zones security-zone untrust host-inbound-traffic protocols all

 

# set access profile Server-Access client user firewall-user password "$9$l62KX-wYoDjq24Tzn6AtWLX"
# set access profile Server-Access session-options client-group Server-Access-Group
# set access firewall-authentication pass-through default-profile Server-Access
# set access firewall-authentication pass-through http banner success "Login Successfully!"

 

# set security policies from-zone trust to-zone untrust policy TTTT then permit firewall-authentication pass-through client-match Server-Access-Group
# set security policies from-zone trust to-zone untrust policy TTTT then permit firewall-authentication pass-through web-redirect


Re: Web Authentication On SRX

‎12-02-2013 12:16 AM

Thank you, it's resolved after I configured web-authentication http under the secondary IP of the incoming interface

 

set interfaces ge-0/0/15 unit 0 family inet address 192.168.1.1/24 preferred
set interfaces ge-0/0/15 unit 0 family inet address 192.168.1.2/24 web-authentication http

 

 

Mahmoud Baroudi

JNCIS Sec
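
The failure discussed in this thread (a policy using web-redirect with no `web-authentication http` address to redirect to) can be caught before commit. The following is an added example, not code from any poster: a small checker, with the hypothetical function name `audit`, that assumes top-level `set`-format configuration and uses sample configs constructed from the lines posted above.

```python
import ipaddress
import re

# Constructed sample: pass-through + web-redirect, before the fix in the last post.
BROKEN = """\
# set system services web-management http
# set interfaces ge-0/0/15 unit 0 family inet address 192.168.1.1/24 preferred
# set security policies from-zone trust to-zone untrust policy TTTT then permit firewall-authentication pass-through web-redirect
"""
# Constructed sample: the same config with the secondary web-authentication IP added.
FIXED = BROKEN + "set interfaces ge-0/0/15 unit 0 family inet address 192.168.1.2/24 web-authentication http\n"

ADDR = re.compile(r"set interfaces (\S+) unit (\d+) family inet address (\S+)(.*)")
WEB_MGMT = "set system services web-management http".split()

def audit(config):
    """Return findings about web-auth prerequisites in a set-format config."""
    # Accept lines pasted with a leading '#' prompt, as in the thread.
    lines = [l.strip().lstrip("#").strip() for l in config.splitlines() if l.strip()]
    # Only policies that send users to the web-auth page need the checks below.
    needs_portal = any(
        "permit firewall-authentication web-authentication" in l
        or ("permit firewall-authentication pass-through" in l and "web-redirect" in l)
        for l in lines)
    if not needs_portal:
        return []
    findings = []
    if not any(l.split()[:5] == WEB_MGMT for l in lines):
        findings.append("web-management http is not enabled")
    plain, portal = {}, []  # ordinary addresses per unit, and web-auth addresses
    for l in lines:
        m = ADDR.match(l)
        if not m:
            continue
        unit, addr = (m.group(1), m.group(2)), ipaddress.ip_interface(m.group(3))
        if "web-authentication http" in m.group(4):
            portal.append((unit, addr))
        else:
            plain.setdefault(unit, []).append(addr)
    if not portal:
        findings.append("policy uses web auth but no address has web-authentication http")
    for unit, addr in portal:
        # The web-auth IP must sit in the same subnet as an interface IP on that unit.
        if not any(addr.network == p.network for p in plain.get(unit, [])):
            findings.append(f"{addr} on {unit[0]}.{unit[1]} shares no subnet with an interface IP")
    return findings
```
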