
CLI Configuration

To configure the device for pass-through firewall authentication as shown in Figure 24, follow these steps:

  1. Create IP addresses for the interfaces on the device.
    user@host# set interfaces ge-0/0/1 unit 0 family inet address 20.20.20.1/24
    user@host# set interfaces ge-0/0/1 unit 0 family inet address 20.20.20.2/24
    user@host# set interfaces ge-5/0/0 unit 0 family inet address 30.30.30.1/24
    user@host# set interfaces ge-5/0/0 unit 0 family inet address 30.30.30.2/24
  2. Create an access profile, FWAUTH, for FWClient1 and specify a password, pwd.
    user@host# set access profile FWAUTH client FWClient1 firewall-user password pwd
  3. Add the FWAUTH profile for pass-through firewall authentication and define a success banner for Telnet sessions.
    user@host# set access firewall-authentication pass-through default-profile FWAUTH
    user@host# set access firewall-authentication pass-through telnet banner success "WELCOME TO JUNIPER TELNET SESSION"
  4. Create security zones.
    user@host# set security zones security-zone UT-ZONE host-inbound-traffic system-services all
    user@host# set security zones security-zone UT-ZONE interfaces ge-0/0/1.0 host-inbound-traffic protocols all
    user@host# set security zones security-zone T-ZONE host-inbound-traffic system-services all
    user@host# set security zones security-zone T-ZONE interfaces ge-5/0/0.0 host-inbound-traffic protocols all
  5. Assign a security policy, policy1, to the zones.
    user@host# set security policies from-zone UT-ZONE to-zone T-ZONE policy policy1 match source-address any
    user@host# set security policies from-zone UT-ZONE to-zone T-ZONE policy policy1 match destination-address any
    user@host# set security policies from-zone UT-ZONE to-zone T-ZONE policy policy1 match application junos-telnet
    user@host# set security policies from-zone UT-ZONE to-zone T-ZONE policy policy1 then permit firewall-authentication pass-through client-match FWClient1
  6. Use Telnet to authenticate the firewall user, FWClient1, to host2.
    regress@FWClient1# run telnet 30.30.30.2
    Trying 30.30.30.2...
    Connected to 30.30.30.2.
    Escape character is '^]'.
    Firewall User Authentication
    Username: FWClient1
    Password:***
    WELCOME TO JUNIPER TELNET SESSION
    Host1 (ttyp0)
    login: regress
    Password:
    --- JUNOS 8.5R1.1 built 2007-10-12 13:30:18 UTC
    %
  7. If you are finished configuring the device, commit the configuration.
  8. To check the configuration, see Verifying Firewall User Authentication.
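A consistency check for a configuration of this shape, added here as an example (not Juniper's code): it reads a constructed set of 'set' statements, in which the T-ZONE binding names an fe- interface although step 1 configured ge-5/0/0 and the client-match name differs in case from the access-profile client, and reports every zone-to-interface, default-profile and client-match reference that does not resolve.

```python
# Added example (not Juniper's code): lint Junos 'set' statements for references that do not resolve.

# Constructed sample based on the steps above, with two easy-to-make slips: the T-ZONE binding
# names fe-5/0/0.0 although ge-5/0/0 was configured, and client-match uses FWclient1, not FWClient1.
SAMPLE_CONFIG = """
set interfaces ge-0/0/1 unit 0 family inet address 20.20.20.1/24
set interfaces ge-5/0/0 unit 0 family inet address 30.30.30.1/24
set access profile FWAUTH client FWClient1 firewall-user password pwd
set access firewall-authentication pass-through default-profile FWAUTH
set security zones security-zone UT-ZONE interfaces ge-0/0/1.0 host-inbound-traffic protocols all
set security zones security-zone T-ZONE interfaces fe-5/0/0.0 host-inbound-traffic protocols all
set security policies from-zone UT-ZONE to-zone T-ZONE policy policy1 match application junos-telnet
set security policies from-zone UT-ZONE to-zone T-ZONE policy policy1 then permit firewall-authentication pass-through client-match FWclient1
"""

def check_fwauth_config(text):
    """Return a list of findings; an empty list means every reference resolves."""
    units = set()           # configured logical interfaces, e.g. "ge-0/0/1.0"
    profiles = set()        # access profile names
    clients = set()         # firewall-user client names defined under access profiles
    zone_ifaces = {}        # logical interface -> security zone that binds it
    default_profile = None  # profile named under pass-through default-profile
    client_matches = []     # names used in policy 'client-match' actions
    for line in text.strip().splitlines():
        t = line.split()
        if t[:2] == ["set", "interfaces"] and "unit" in t:
            units.add(f"{t[2]}.{t[t.index('unit') + 1]}")
        elif t[:3] == ["set", "access", "profile"]:
            profiles.add(t[3])
            if "client" in t:
                clients.add(t[t.index("client") + 1])
        elif "default-profile" in t:
            default_profile = t[t.index("default-profile") + 1]
        elif t[:3] == ["set", "security", "zones"] and "interfaces" in t:
            zone_ifaces[t[t.index("interfaces") + 1]] = t[4]
        elif "client-match" in t:
            client_matches.append(t[t.index("client-match") + 1])

    findings = []
    for iface, zone in zone_ifaces.items():
        if iface not in units:
            findings.append(f"zone {zone} binds {iface}, which is not a configured logical interface")
    if default_profile and default_profile not in profiles:
        findings.append(f"default-profile {default_profile} is not a configured access profile")
    for name in client_matches:
        if name not in clients:  # Junos identifiers are case-sensitive, so FWclient1 != FWClient1
            findings.append(f"client-match {name} does not match any access-profile client")
    return findings
```

Calling check_fwauth_config(SAMPLE_CONFIG) returns the two findings for the sample; with the interface and client names corrected it returns an empty list.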
