Firewall User Authentication Overview
A firewall user is a network user who must provide a username and password for authentication when initiating a connection across the firewall. JUNOS Software enables administrators to restrict or permit firewall users' access to protected resources (in different zones) behind a firewall based on their source IP address and other credentials.
Note: JUNOS Software also supports the administrator and Point-to-Point Protocol (PPP) user types. For more information, see the JUNOS Software Administration Guide for Security Devices.
After you define firewall users, you can create a policy that requires the users to authenticate themselves through one of two authentication schemes:
- Pass-Through Authentication—A host or a user from one zone tries to access resources on another zone. You must use an FTP, a Telnet, or an HTTP client to access the IP address of the protected resource and to get authenticated by the firewall. The device uses FTP, Telnet, or HTTP to collect username and password information, and subsequent traffic from the user or host is allowed or denied based on the result of this authentication.
- Web Authentication—Users try to connect, using HTTP, to an IP address on the device that is enabled for Web authentication; in this scenario, you do not use HTTP to get to the IP address of the protected resource. You are prompted for the username and password that are verified by the device. Subsequent traffic from the user or host to the protected resource is allowed or denied based on the result of this authentication.
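The following configuration sketch shows how the two schemes differ in practice. It is an added example, not taken from this page. The profile, user, policy, zone, and interface names and the 192.0.2.0/24 addresses are all assumptions chosen for illustration.

```junos
# Added example; every name and address below is a hypothetical placeholder.

# Define a firewall user in a local access profile.
set access profile FWAUTH-PROFILE client fwuser1 firewall-user password "<password>"

# Make the profile the default for both authentication schemes.
set access firewall-authentication pass-through default-profile FWAUTH-PROFILE
set access firewall-authentication web-authentication default-profile FWAUTH-PROFILE

# Scheme 1: pass-through authentication.
# The user opens an FTP, Telnet, or HTTP session to the protected resource
# itself; the device intercepts that session to collect the credentials.
set security policies from-zone trust to-zone dmz policy PASS-THROUGH match source-address any
set security policies from-zone trust to-zone dmz policy PASS-THROUGH match destination-address any
set security policies from-zone trust to-zone dmz policy PASS-THROUGH match application any
set security policies from-zone trust to-zone dmz policy PASS-THROUGH then permit firewall-authentication pass-through access-profile FWAUTH-PROFILE

# Scheme 2: Web authentication.
# The user first browses to an address on the device that is enabled for
# Web authentication (a second address on the interface), not to the resource.
set interfaces ge-0/0/1 unit 0 family inet address 192.0.2.1/24
set interfaces ge-0/0/1 unit 0 family inet address 192.0.2.2/24 web-authentication http
set system services web-management http interface ge-0/0/1.0
set security policies from-zone trust to-zone servers policy WEB-AUTH match source-address any
set security policies from-zone trust to-zone servers policy WEB-AUTH match destination-address any
set security policies from-zone trust to-zone servers policy WEB-AUTH match application any
set security policies from-zone trust to-zone servers policy WEB-AUTH then permit firewall-authentication web-authentication
```

In both cases the policy action is still permit; the firewall-authentication statement only adds the requirement that the source has authenticated before the policy allows its traffic.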
Related Topics
- JUNOS Software Feature Support Reference for SRX Series and J Series Devices
- Understanding Pass-Through Authentication
- Understanding Web Authentication
- Understanding External Authentication Servers
- Understanding Client Groups for Firewall Authentication
- Understanding Firewall Authentication Banner Customization