We use the web-authentication portal for vendors to log in. After log in the vendor can access internal systems as defined by our security policies and destination NAT rules. This works flawlessly except for one detail.
webauth.example.com resolves to a.b.c.d(below).
Going to https://webauth.example.com/ takes one to the Firewall User Web-Authentication Login page.
But, if one goes to https://webauth.example.com/asdfa (or any other random letters) the J-Web login is presented.
Is it possible to use web-authentication without exposing J-web on the same interface?
We have an SRX-300 running 18.2R3.4.
# show system services web-management
management-url admin;
https {
pki-local-certificate webauth-cert;
interface [ ge-0/0/0.0 ge-0/0/1.0 ge-0/0/5.0 ];
}
session {
idle-timeout 60;
}
# show interfaces ge-0/0/5 unit 0 family inet address a.b.c.d/28
web-authentication https;
# show security zones security-zone Internet
screen untrust-screen;
interfaces {
ge-0/0/5.0 {
host-inbound-traffic {
system-services {
ping;
https;
ike;
}
}
}
}