Dynamic VPN Global Settings Configuration Page Options

  1. Select Configure>IPSec VPN>Dynamic VPN>Global Settings in the J-Web user interface.

    The Dynamic VPN Global Settings configuration page appears. Table 115 explains the contents of this page.

  2. Click one:
    • Add—Adds a new client VPN configuration. Enter information as specified in Table 116.
    • Apply—Applies the selected configuration.
    • Delete—Deletes the selected client VPN configuration.
    • Launch Wizard—Launches the VPN wizard with remote access VPN as the default VPN type.

      The Launch Wizard option is not supported on high-end SRX Series devices.

  3. Click one:
    • OK—Saves the configuration and returns to the main configuration page.
    • Cancel—Cancels your entries and returns to the main configuration page.

Table 115: Add Dynamic VPN Global Settings Configuration Page




Dynamic VPN

Access Profile

Specifies the access profile that controls the authentication of users who want to download Access Manager. (You will need to select these access profiles when configuring the IKE gateway and dynamic VPN global options. You can use the same access profile to authenticate users in both cases, or you can use separate access profiles to authenticate downloads and VPN sessions.)

Note: This Access Profile option does not control authentication for VPN sessions. For session authentication, use the Access Profile option on the IKE Gateway Configuration page. For more information, see "Configuring an IKE Gateway Configuration (Dynamic VPNs)."

Select a previously created access profile from the list that is displayed.

Force Upgrade

Specifies an option to set up a program to automatically download the latest client and install it on the user’s computer when the setup program detects a version mismatch between the client and server. Otherwise, the setup program prompts the user to upgrade the client when it detects a version mismatch, but does not force the upgrade. If the user does not choose to upgrade, the setup program will launch the existing client version on the user’s computer.

Select the check box to enable or disable force upgrade. (Enabled by default.)

Table 116: Add Client VPN Global Settings Configuration Details





Specifies the name of the client configuration.

Enter a name.


Specifies the IKE AutoKey configuration to use when establishing the VPN tunnel.

Select a previously configured IKE AutoKey configuration from the list that is displayed.

Remote Protected Resources IP

Specifies the IP address and net mask of a resource behind the firewall. Traffic to the specified resource will go through the VPN tunnel and therefore will be protected by the firewall’s security policies.

Note: The device does not validate that the IP/net mask combination that you enter here matches up with your security policies.

Enter an IP address and net mask and click Add.

Remote Exceptions IP

Specifies the IP address and net mask of exceptions to the remote protected resources list.

Enter an IP address and net mask and click Add.


Specifies the list of users who can use this client configuration.

Note: The server does not validate the names that you enter here, but the names must be the names that the users use to log in to the device when downloading the client.

Enter an user name, and click Add.

Related Documentation