Learn about Juniper Secure Connect, a secure remote access VPN solution, and its advantages over dynamic VPN.
What Is Juniper Secure Connect?
With today’s modern, distributed workforce, organizations need to keep remote users connected and productive while ensuring business continuity and security. Organizations need to provide endpoint protection as part of a comprehensive and connected security strategy.
Juniper Secure Connect is a client-based SSL-VPN application that allows you to securely connect and access protected resources on your network. This application, when combined with SRX Series Services Gateways, helps organizations quickly achieve dynamic, flexible, and adaptable connectivity from devices anywhere across the globe. Juniper Secure Connect extends visibility and enforcement from client to cloud using secure VPN connections.
The Juniper Secure Connect solution includes:
SRX Series firewall—Serves as an entry and exit point for communication between users with Juniper Secure Connect and the protected resources on the corporate network or in the cloud.
Juniper Secure Connect application—Secures connectivity between the protected resources and the host clients running Microsoft Windows, Apple macOS, Google Android, and iOS operating systems. The Juniper Secure Connect application connects through a VPN tunnel to the SRX Series firewall to gain access to the protected resources in the network.
Figure 1 illustrates the Juniper Secure Connect remote access solution for establishing secure VPN connectivity for remote users at different locations.
This document is for system administrators who want to configure remote-access VPN for Juniper Secure Connect on SRX Series devices. If you are a remote user, see Juniper Secure Connect User Guide.
Benefits of Juniper Secure Connect
Secure remote access from anywhere with VPN
Simple user experience
Easy management of remote clients, policies, and VPN events from a single console (using J-Web)
Feature Support Comparison Between Juniper Secure Connect and Dynamic VPN
This topic describes the differences between Juniper Secure Connect and dynamic VPN.
Figure 2 shows the high-level comparison between Juniper Secure Connect and dynamic VPN.
Table 1 shows the connection feature differences between dynamic VPN and Juniper Secure Connect on SRX Series devices:
Table 1: Differences Between Dynamic VPN and Juniper Secure Connect on SRX Series devices
Juniper Secure Connect: IPsec is the preferred mode. Juniper Secure Connect automatically changes the protocol to SSL-VPN when needed to bypass restrictive networks where IPsec traffic is blocked.
VPN connectivity mode
Dynamic VPN: Policy-based VPN, which requires each firewall policy to define the connectivity and VPN establishment.
Juniper Secure Connect: Route-based VPN connectivity. Allows you to define fine-grained firewall policies that include other services, such as Advanced Threat Prevention (ATP) Cloud, User Firewall, and so on.
Deployment Scenario for Juniper Secure Connect
Figure 3 shows the deployment scenario for Juniper Secure Connect. Ensure you adjust the configuration values to map to your environment.
For traffic to flow correctly, you can either add a route in the protected network that directs traffic for the IP addresses you assign to the clients to the SRX Series device, or NAT all client traffic coming into the protected networks.
You must ensure that the SRX Series device uses either a signed certificate or a self-signed certificate instead of the default system-generated certificate. Before you start configuring Juniper Secure Connect, it is important that you read the instructions in Prerequisites for Deploying Juniper Secure Connect.
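The return-path requirement described in this section (a route for the client addresses that points to the SRX Series device, or NAT on the client traffic) can be checked against a routing table before deployment. The following is an added example, not code from Juniper or from this page; every address, the table contents and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample: routing table of a router inside the protected network.
# All addresses and names below are assumptions, not values from the page.
SRX_INSIDE = "10.0.0.1"            # SRX interface facing the protected network
CLIENT_POOL = "192.168.50.0/24"    # addresses assigned to VPN clients
BASE_ROUTES = [
    ("0.0.0.0/0", "10.0.0.254"),   # default route to a different gateway
    ("10.0.0.0/24", "connected"),  # the protected LAN itself
]

def next_hop(routes, dst):
    """Longest-prefix match: the next hop a router would pick for dst."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def return_path_gaps(routes, client_pool=CLIENT_POOL, srx=SRX_INSIDE):
    """Client addresses whose reply traffic would NOT be sent to the SRX."""
    pool = ipaddress.ip_network(client_pool)
    return [str(ip) for ip in pool.hosts() if next_hop(routes, str(ip)) != srx]

def nat_return_ok(routes, srx=SRX_INSIDE):
    """With source NAT to the SRX interface, replies target the SRX address,
    so it only has to be reachable on the directly connected LAN."""
    return next_hop(routes, srx) == "connected"

if __name__ == "__main__":
    with_route = BASE_ROUTES + [(CLIENT_POOL, SRX_INSIDE)]
    # A leftover, more specific route silently overrides half of the pool.
    stale = with_route + [("192.168.50.128/25", "10.0.0.254")]
    for name, table in [("no route", BASE_ROUTES),
                        ("route via SRX", with_route),
                        ("stale /25 route", stale)]:
        gaps = return_path_gaps(table)
        print(f"{name}: {len(gaps)} client addresses lose replies")
    print("NAT return path ok:", nat_return_ok(BASE_ROUTES))
```
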