Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How to make a NetScreen firewall use an external server for authentication

0

0

Article ID: KB7200 KB Last Updated: 20 Feb 2020Version: 7.0
Summary:
This article provides information on how to make a NetScreen firewall use an external server for authentication.
Symptoms:
Environment:
 
  • Radius
  • Internet Authentication Server /  IAS
  • LDAP
  • SecurID
  • External Authentication
  • Xauth
Solution:

Note: This solution is applicable to ScreenOS 4.0.0 or later.

For all types of authentication (including administration, firewall user authentication, L2TP, and XAuth), the following options are available:

  • Local authentication database on the NetScreen device

  • An external authentication server (ie RADIUS)
 

Note: The admin type external authentication server cannot be mixed with Auth, L2TP, or XAuth.  If you want to use the same authentication server for Admin, along with any of the other attributes, you need to create a second authentication server for the non-Admin attributes.

To create an external authentication server via the WebUI, perform the following procedure:

  1. Go to Configuration > Auth > Auth Servers.

  2. Click New.

  3. Type a name for this Auth server (i.e. firewall1)

  4. Type an IP address or domain name for this authentication server (i.e. 10.1.1.10)

  5. (Optional) Select up to two backup authentication servers (in case the primary server fails) (i.e. 1.1.1.10, 1.1.1.11)

  6. Select the account type (admin cannot be mixed with the others). (i.e. admin)

  7. For RADIUS, type a shared secret. (i.e. $ABC123)

  8. Click OK.



To create the same via the CLI:
set auth-server firewall1 type radius
set auth-server firewall1 server-name 10.1.1.10
set auth-server firewall1 backup1 1.1.1.10
set auth-server firewall1 backup2 1.1.1.11
set auth-server firewall1 timeout 10
set auth-server firewall1 account-type admin
set auth-server firewall1 radius port 1645
set auth-server firewall1 radius timeout 3
set auth-server firewall1 radius secret $ABC123
save


For detailed examples, refer to the Concepts & Examples ScreenOS Reference Guide Release 6.3.0, Rev. 02.

Modification History:
2020-02-20: minor non-technical edits.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search