[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

pass-through

Syntax



pass-through {
access-profile              profile-name           ;
client-match              match-name           ;
web-redirect;
}

Hierarchy Level



[edit security policies
from-zone            zone-name          to-zone            zone-name          policy            policy-name          then permit firewall-authentication]

Release Information

Statement introduced in Release 8.5 of JUNOS software.

Description

Configure pass-through firewall user authentication. The user needs to use an FTP, Telnet, or HTTP client to access the IP address of the protected resource in another zone. Subsequent traffic from the user or host is allowed or denied based on the result of this authentication. Once authenticated, the firewall proxies the connection.

This statement is supported on J-series and SRX-series devices.

Options

access-profile profile-name —(Optional) Name of the access profile.
client-match match-name —(Optional) Specify the name of the users or user groups in a profile who are allowed access by this policy. If you do not specify any users or user groups, any user who is successfully authenticated is allowed access.
web-redirect—(Optional) Enable redirecting an HTTP request to the device and redirecting the client system to a Web page for authentication. Including this statement allows users an easier authentication process because they need to know only the name or IP address of the resource they are trying to access.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]