[ScreenOS] Configuring a Policy for WebAuth

  [KB4296]


Summary:

This article explains how to configure a policy for WebAuth for ScreenOS 4.0 and later.

 

Solution:

Note:

  • This article assumes that WebAuth is configured. For information about configuring WebAuth, go to Configuring WebAuth.

Perform the following steps:
  1. Open the WebUI. For more information about accessing the WebUI, go to KB4317 - [ScreenOS] Accessing your Juniper firewall device using the WebUI.

  2. From the Juniper firewall device options menu, select Policies.

  3. From the Policies page, create a new policy or edit an existing policy.

In this example, an existing policy is edited.

  4. From the Edit Policy page, click Advanced.

  5. Select WebAuth(Local).

When WebAuth is selected, authentication is automatically enabled.

Redirect

  • No Redirect: Select this option to prevent the firewall from redirecting the browser to the WebAuth IP address that is configured under Interface settings.

  • Redirect unauthenticated traffic: Select this option to enable the firewall to automatically redirect the browser to the WebAuth IP address.

Note: The firewall can redirect only when the first request that reaches it is HTTP. If the DNS server is outside of the network and DNS traffic has to traverse the firewall, make sure that a policy at the top of the security policy list allows all DNS traffic to the DNS server without authentication. This way, the web browser can resolve the host name and send the HTTP GET request, and the firewall can respond by redirecting the request to the WebAuth IP address.

  6. Click OK.
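
The DNS ordering requirement in the note above can be checked before a rule set is deployed. The following Python check is an added example and not part of the original article. It assumes top-down, first-match policy evaluation; the Policy fields, the policy names and the DNS server address 203.0.113.53 are constructed for illustration and are not ScreenOS syntax.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    """One row of a simplified, constructed policy list (not ScreenOS syntax)."""
    name: str
    dst: str        # destination address, or "any"
    service: str    # "DNS", "HTTP", or "any"
    webauth: bool   # True if the policy requires WebAuth before permitting

def first_match(policies, dst, service):
    """Return the first policy, top-down, that matches dst and service."""
    for p in policies:
        if p.dst in ("any", dst) and p.service in ("any", service):
            return p
    return None

def check_dns_ordering(policies, dns_server):
    """Classify how DNS traffic to dns_server is handled.

    "ok"                   - DNS is permitted without authentication, so the
                             browser can resolve names and send the HTTP GET
                             that the firewall redirects.
    "dns-requires-webauth" - DNS hits a WebAuth policy first; the client never
                             resolves a name, so no HTTP GET is sent and no
                             redirect can happen.
    "dns-denied"           - no policy matches DNS at all.
    """
    hit = first_match(policies, dns_server, "DNS")
    if hit is None:
        return "dns-denied"
    return "dns-requires-webauth" if hit.webauth else "ok"

# Constructed sample rule sets; 203.0.113.53 is a documentation address.
DNS_SERVER = "203.0.113.53"
dns_rule = Policy("dns-out", DNS_SERVER, "DNS", webauth=False)
web_rule = Policy("web-out", "any", "any", webauth=True)

GOOD_ORDER = [dns_rule, web_rule]   # DNS permit sits above the WebAuth policy
BAD_ORDER = [web_rule, dns_rule]    # WebAuth policy shadows the DNS permit
HTTP_ONLY = [Policy("web-out", "any", "HTTP", webauth=True)]

if __name__ == "__main__":
    for label, rules in [("good", GOOD_ORDER), ("bad", BAD_ORDER),
                         ("http-only", HTTP_ONLY)]:
        print(label, "->", check_dns_ordering(rules, DNS_SERVER))
```
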


 

Modification History:

2018-09-07: Solution updated with the redirect options that are available for WebAuth; other minor (non-technical) modifications made

 
