pass-through (Firewall-authentication)
Syntax
pass-through {
default-profile profile-name;
ftp {
banner {
fail string;
login string;
success string;
}
}
http {
banner {
fail string;
login string;
success string;
}
telnet {
banner {
fail string;
login string;
success string;
}
}
Hierarchy Level
[edit access firewall-authentication] [edit logical-systems name tenants name access firewall-authentication], [edit tenants name access firewall-authentication]
Description
Configure pass-through , when a host or user from one zone needs to access a protected resource in another zone. A user must use an FTP, Telnet, or HTTP client to access the IP address of the protected resource and get authenticated by the firewall. The device uses FTP, Telnet, and HTTP to collect username and password information. Subsequent traffic from the user or host is allowed or denied based on the result of this authentication. After the user is authenticated, the firewall proxies the connection.
Options
| default-profile |
Name of profile to use if not specified in policy |
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
access—To view this statement in the configuration.
access-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5.
Statement introduced for logical-systems and tenant in Junos OS Release 18.3R1.
HTTPS for pass-through authentication is supported on SRX5400, SRX5600, and SRX5800 devices starting from Junos OS Release 12.1X44-D10 and on vSRX Virtual Firewall, SRX300, SRX320, SRX340, SRX345, SRX380, SRX550M, and SRX1500 Services Gateways starting from Junos OS Release 15.1X49-D40.