pass-through (Security Policy)
Syntax
pass-through {
    access-profile profile-name;
    client-match user-or-group-name;
    ssl-termination-profile profile-name;
    web-redirect;
    web-redirect-to-https;
}
Hierarchy Level
[edit security policies from-zone zone-name to-zone zone-name policy policy-name then permit firewall-authentication]
Description
Configure pass-through firewall user authentication. The user needs to use an FTP, Telnet, or HTTP client to access the IP address of the protected resource in another zone. Subsequent traffic from the user or host is allowed or denied based on the result of this authentication. Once authenticated, the firewall proxies the connection.
Options
access-profile profile-name—(Optional) Specify the name of the access profile.
client-match user-or-group—(Optional) Specify the name of the users or user groups in a profile who are allowed access by this policy. If you do not specify any users or user groups, any user who is successfully authenticated is allowed access.
ssl-termination-profile profile-name—(Optional) Specify the SSL termination profile used for SSL offloading.
web-redirect—(Optional) Enable redirecting an HTTP request to the device and redirecting the client system to a webpage for authentication. Including this statement allows users an easier authentication process because they need to know only the name or IP address of the resource they are trying to access.
web-redirect-to-https—(Optional) Redirect unauthenticated HTTP requests to the internal HTTPS Web server of the device.
Note: If web-redirect-to-https is set, then you must specify the SSL termination profile used for SSL offloading.
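The two conditions called out in the option descriptions above (web-redirect-to-https without an SSL termination profile, and a policy with no client-match) can be checked across a whole configuration exported with `show configuration | display set`. The script below is an added example, not part of the Junos documentation; the zone, policy, and profile names in the sample are constructed, and it assumes unquoted names in set format.

```python
import re
from collections import defaultdict

# Constructed sample in "display set" form; all names are made up for illustration.
SAMPLE_CONFIG = """\
set security policies from-zone trust to-zone dmz policy web-auth then permit firewall-authentication pass-through access-profile fw-users
set security policies from-zone trust to-zone dmz policy web-auth then permit firewall-authentication pass-through web-redirect-to-https
set security policies from-zone trust to-zone dmz policy ftp-auth then permit firewall-authentication pass-through access-profile fw-users
set security policies from-zone trust to-zone dmz policy ftp-auth then permit firewall-authentication pass-through client-match ftp-admins
set security policies from-zone trust to-zone dmz policy portal then permit firewall-authentication pass-through client-match staff
set security policies from-zone trust to-zone dmz policy portal then permit firewall-authentication pass-through web-redirect-to-https
set security policies from-zone trust to-zone dmz policy portal then permit firewall-authentication pass-through ssl-termination-profile portal-ssl
"""

# Matches statements at the hierarchy level documented on this page.
PASS_THROUGH = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
    r"then permit firewall-authentication pass-through(?: (\S+)(?: (\S+))?)?\s*$"
)

def audit_pass_through(config_text):
    """Return {(from_zone, to_zone, policy): [findings]} for pass-through policies."""
    options = defaultdict(dict)
    for line in config_text.splitlines():
        m = PASS_THROUGH.match(line.strip())
        if m:
            from_zone, to_zone, policy, option, value = m.groups()
            opts = options[(from_zone, to_zone, policy)]  # registers bare pass-through too
            if option:
                opts[option] = value
    report = {}
    for key, opts in options.items():
        findings = []
        # The page's note: web-redirect-to-https requires an SSL termination profile.
        if "web-redirect-to-https" in opts and "ssl-termination-profile" not in opts:
            findings.append("web-redirect-to-https set without ssl-termination-profile")
        # Without client-match, any successfully authenticated user is allowed.
        if "client-match" not in opts:
            findings.append("no client-match: any authenticated user is allowed")
        report[key] = findings
    return report

if __name__ == "__main__":
    for (fz, tz, policy), findings in audit_pass_through(SAMPLE_CONFIG).items():
        print(f"{fz}->{tz} {policy}: {findings or 'ok'}")
```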
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5. Support for ssl-termination-profile and web-redirect-to-https options added in Junos OS Release 12.1X44-D10.