
CLI Configuration

  1. Create IP addresses for the interfaces on the device.
    user@host# set interfaces ge-0/0/1 unit 0 family inet address 20.20.20.1/24 web-authentication http
    user@host# set interfaces ge-0/0/1 unit 0 family inet address 20.20.20.2/24
    user@host# set interfaces fe-5/0/0 unit 0 family inet address 30.30.30.1/24
    user@host# set interfaces fe-5/0/0 unit 0 family inet address 30.30.30.2/24
  2. Create an access profile, WEBAUTH, for FWClient1 and specify a password, pwd.
    user@host# set access profile WEBAUTH client FWClient1 firewall-user password pwd
  3. Add the above WEBAUTH profile for firewall Web authentication and define a success banner for Telnet sessions.
    user@host# set access firewall-authentication web-authentication default-profile WEBAUTH banner success "WEB AUTH LOGIN SUCCESS"
  4. Create security zones.
    user@host# set security zones security-zone UT-ZONE host-inbound-traffic system-services all
    user@host# set security zones security-zone UT-ZONE interfaces ge-0/0/1.0 host-inbound-traffic protocols all
    user@host# set security zones security-zone T-ZONE host-inbound-traffic system-services all
    user@host# set security zones security-zone T-ZONE interfaces fe-5/0/0.0 host-inbound-traffic protocols all
  5. Assign a security policy, policy-W, to the zones.
    user@host# set security policies from-zone UT-ZONE to-zone T-ZONE policy policy-W match source-address any
    user@host# set security policies from-zone UT-ZONE to-zone T-ZONE policy policy-W match destination-address any
    user@host# set security policies from-zone UT-ZONE to-zone T-ZONE policy policy-W match application any
    user@host# set security policies from-zone UT-ZONE to-zone T-ZONE policy policy-W then permit firewall-authentication web-authentication client-match FWClient1
  6. Activate the HTTP daemon on your device.
    user@host# set system services web-management http
  7. Firewall user FWClient1 does the following to get authenticated:
    1. Points the browser to the Web Authentication IP (20.20.20.1) to get authenticated first.
    2. Starts traffic to access resources specified by policy, policy-W.
  8. If you are finished configuring the device, commit the configuration.
  9. To check the configuration, see Verifying Firewall User Authentication.

    The following screen appears after the firewall user is authenticated.

Image Firewall_Web_Auth.gif
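
A review-time check over the kind of set commands this procedure produces, as an added example (not Juniper's code): it flags Web authentication and web-management left on cleartext HTTP, zones that accept all host-inbound traffic, and a client-match name with no matching client in any access profile. The `audit` function, its check names, the constructed sample config and the assumption that client names are compared case-sensitively are this example's own.

```python
import re

# Constructed sample in full "set" form, modelled on the procedure above.
# The client-match name deliberately differs in case from the profile entry.
SAMPLE = """\
set interfaces ge-0/0/1 unit 0 family inet address 20.20.20.1/24 web-authentication http
set access profile WEBAUTH client FWClient1 firewall-user password pwd
set access firewall-authentication web-authentication default-profile WEBAUTH
set security zones security-zone UT-ZONE host-inbound-traffic system-services all
set security zones security-zone UT-ZONE interfaces ge-0/0/1.0 host-inbound-traffic protocols all
set security policies from-zone UT-ZONE to-zone T-ZONE policy policy-W then permit firewall-authentication web-authentication client-match FWclient1
set system services web-management http
"""

ZONE_ALL = re.compile(r"set security zones security-zone (\S+) "
                      r".*host-inbound-traffic (system-services|protocols) all$")
CLIENT_MATCH = re.compile(r"policy (\S+) then permit firewall-authentication "
                          r"web-authentication client-match (\S+)$")


def audit(config):
    """Return sorted (check_id, detail) findings for a set-format config."""
    lines = [l.strip() for l in config.splitlines() if l.strip().startswith("set ")]
    # Client names defined under any access profile (assumed case-sensitive).
    clients = {m.group(1) for l in lines
               if (m := re.match(r"set access profile \S+ client (\S+) ", l))}
    findings = []
    for l in lines:
        # Credentials typed into the Web authentication page cross the wire in clear.
        if m := re.search(r"address (\S+) web-authentication http$", l):
            findings.append(("cleartext-webauth", m.group(1)))
        if l == "set system services web-management http":
            findings.append(("cleartext-mgmt", "web-management http"))
        # "all" exposes every service or protocol on the device to that zone.
        if m := ZONE_ALL.match(l):
            findings.append(("broad-host-inbound", f"{m.group(1)} {m.group(2)}"))
        # A client-match that names no defined client can never authenticate.
        if (m := CLIENT_MATCH.search(l)) and m.group(2) not in clients:
            findings.append(("unknown-client", f"{m.group(1)} -> {m.group(2)}"))
    return sorted(findings)


if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check}: {detail}")
```
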