Setting Screenos Authentication Options Using General Auth Settings; Clearing Radius Sessions; Assigning An Authentication Request Interface - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual
Configuring screenos devices guide
Hide thumbs
Also See for NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01:
- Manual (340 pages) ,
- Administration manual (1026 pages) ,
- Installation manual (244 pages)
Table of Contents
Advertisement
Setting ScreenOS Authentication Options Using General Auth Settings
Clearing RADIUS Sessions
Assigning an Authentication Request Interface
Related
Documentation
Copyright © 2010, Juniper Networks, Inc.
The authentication screens contain the following device-wide authentication options
you can configure on a security device.
For devices running ScreenOS 5.2, you can configure some general settings that determine
how the security device handles authentication session cleanup and authentication
requests.
Clearing RADIUS Sessions on page 165
Assigning an Authentication Request Interface on page 165
Occasionally, overcharging can occur when a wireless user is assigned the same IP address
that was used for a previously closed connection by a different user. Because the IP
addresses are the same for both connections, the first wireless user might be charged
for the second user's connection time. You can prevent this problem by configuring the
security device to clear RADIUS sessions for a specific IP address when the RADIUS
accounting-stop message is received for that connection.
To enable session cleanup for a security device, in the device navigation tree, select Auth
> General. Configure a RADIUS Accounting Listener port that monitors the connection
for accounting-stop messages, and then select the option RADIUS Accounting Cleanup
Action: Session Cleanup.
By default, the security device sends authentication requests using the route defined in
the route table. For devices running ScreenOS 5.2, you can configure a specific outgoing
source interface for requests sent to an authentication server. You might need to specify
a specific interface for auth requests destined for a VPN tunnel or to route all auth requests
through the same interface for authentication monitoring.
To configure a source interface, in the device navigation tree, select Auth > General, and
then click the Add icon in the Source Interface used for Outgoing Auth Request area.
Select the Authentication Server object that represents the authentication server receiving
the request, and then select an interface on the device through which requests are sent.
NOTE: For details on configuring Authentication Server objects, see the
Network and Security Administration Guide.
After you specify a source interface for auth requests, the security device routes all auth
requests destined for a RADIUS, LDAP, or SecurID server through that interface (one
source interface per authentication server object).
Setting ScreenOS Authentication Options Using Banners Overview on page 166
Setting ScreenOS Authentication Options Using Default Servers Overview on page 167
Chapter 5: Administration
165
Advertisement
Table of Contents
