ScreenOS Firewalls (NOT SRX)
Highlighted
ScreenOS Firewalls (NOT SRX)

RADIUS Accounting support in policy authentication

11.11.07   |  
‎11-11-2007 01:40 PM
Is the RADIUS Accounting supported in policy authentication (like WebAuth).
After some tests it looks like the RADIUS Accounting is working only with XAUTH (VPN's).
3 REPLIES
ScreenOS Firewalls (NOT SRX)

Re: RADIUS Accounting support in policy authentication

11.11.07   |  
‎11-11-2007 05:50 PM
Unfortunately, radius accounting is not supported for web auth.
ScreenOS Firewalls (NOT SRX)

Re: RADIUS Accounting support in policy authentication

11.28.07   |  
‎11-28-2007 11:51 PM
We have a webmail server located in DMZ, public address. Is it support on Juniper to query the internal (trust zone) Domain Controller for username/password to authenticate users when they try to connect the webmail?
ScreenOS Firewalls (NOT SRX)

Re: RADIUS Accounting support in policy authentication

11.29.07   |  
‎11-29-2007 12:14 AM
When you define an Auth server you have to enter its IP address and select souce interface, so you can set connection to Auth server in any zone (also inside a VPN tunnel).
For Domain Controller you may use LDAP or install on any domain member server Internet Authentication Service (IAS) and use RADIUS between NetScreen and that server.
For authentication, you may use transparent authentication (Server Auth) inside the protocol HTTP (or FTP or Telnet) or if the connection to the WebMail is encrypted (SSL), you may use WebAuth for user authentication. When you set WebAuth as a authentication method, user have to connect first to WebAuth IP address and authenticate, then connect to the WebMail.
The credentials used for authentication to the firewall will not be passed to the WebMail server.
If you want to authenticate users transparently on gateway using SSL and pass credentials to WebMail you should use Secure Access instead of firewall for authentication.
You may then disable SSL on WebMail and freeing its CPU resources for emails instead of securing...