
Transparent firewall authentication of Windows client through Juniper SSG

Posted on 2011-02-16
Last Modified: 2012-05-11
We are currently switching from an MS ISA firewall to a Juniper SSG.  One nice feature of ISA is that it's integrated with Active Directory, meaning it's very easy to create firewall access rules that are dependent on AD groups.  For example, only users that are members of the AD group FTPUsers are allowed to use FTP through the ISA.

I am attempting to migrate a few of these group-dependent rules over to the Juniper.  I have managed to configure MS Network Policy Server as the RADIUS server which the Juniper uses for authentication.  This works for authenticating users.  However, they are prompted for credentials when attempting to use a protocol whose Juniper rule is group-dependent.

Does anyone know of a way that the Windows clients could pass the credentials of the logged-on user - via RADIUS - to the Juniper when prompted?

It would go something like this:
Windows client requests use of a protocol through the Juniper -->
<-- Juniper queries for user credentials
Windows client provides credentials of currently logged-on user -->
Juniper authenticates user via RADIUS and provides access, if the user is a member of the relevant group

In short, it's going to be cumbersome for my users if they are required to enter credentials any time that they wish to use a group-dependent protocol through the Juniper.  I've contacted Juniper support, and they're pointing back to the Windows client as the mechanism for solving this issue.  Thank you for your assistance.
Question by:sloth10k
3 Comments
 

Accepted Solution

by: deimark earned 2000 total points
ID: 34911751
In short, Juniper support are correct: the client is the best way to maintain these sign-on credentials and also pass them on when requested.

Sadly, the SSG cannot manage any of this single sign-on (SSO).

However, Juniper do have a very good SSL VPN device, the SA series, that integrates really well into AD and also manages the SSO well too.  It is of course another device, but it is the market leader for providing remote access solutions.

Expert Comment

by:digitap
ID: 35187478
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
Question has a verified solution.
