J-Web | Junos OS | Juniper Networks

Enhanced search and filter options for the Logs pages (SRX300, SRX320, SRX340, SRX345, SRX380, SRX1500, SRX4100, SRX4200, SRX4600, SRX550HM, and vSRX3.0)—Starting in Junos OS Release 23.1R1, J-Web supports additional operators in Monitor > Logs (Sessions, Threats, Web-filtering, ATP, VPN, and All Events) pages for better search and filter functionality. J-Web also supports Netmask when searching for IP addresses.

[See Monitor Session, Monitor Threats, Monitor Web Filtering, Monitor ATP, Monitor VPN, and Monitor All Events.]

Support for packet capture (SRX300, SRX320, RX1500, SRX4100, SRX4600, SRX5600, and vSRX3.0)—Starting in Junos OS Release 23.1R1, you can:

Store the packet capture files locally on the SRX device. To do this task, enable Packet Capture from Security Services > IPS > Packet Capture and then enable Local Storage to configure the local storage parameters.
Download the packet capture files that record IDP attacks. Choose Monitor > Logs > Threats to see the packet capture data.
Download packet capture file that record session-close logs. Choose Monitor > Logs > All Events to view the packet capture data.

[See About the Sensor Page, Monitor Threats, and Monitor All Events.]

Enhanced Certificate Management page (SRX300, SRX320, SRX340, SRX345, SRX380, SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX3.0)—Starting in Junos OS Release 23.1R1, we’ve revamped the Certificate Management page. From this page, you can now:

Create device certificates by using the options:
- Let’s Encrypt
- Local self-signed
- SCEP
- ACME
- Certificate Management Protocol version 2 (CMPv2)
- Certificate signing request (CSR)
Add a certificate authority (CA Certificate and Juniper Bundle).
Enroll the device certificates with the Let’s Encrypt server and the ACME protocol.
Re-enroll a device certificate.
Renew a Local Self-Signed device certificate.

[See About the Certificates page.]

Support for virtual domain certificates (SRX300, SRX320, SRX340, SRX345, SRX380, SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX3.0)—Starting in Junos OS Release 23.1R1, you can create virtual domain certificates from Basic Settings > System Services for secured J-Web access.

[See Configure Basic Settings.]

Support for device certificates in the IPsec VPN page (SRX300, SRX320, SRX340, SRX345, SRX380, SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX3.0)—Starting in Junos OS Release 23.1R1, you can select the device certificate (including Let’s Encrypt or ACME) from the list of local certificates when you configure the IPsec VPN local gateway.

[See Create a Remote Access VPN—Juniper Secure Connect.]

Support for authentication method (SRX300, SRX320, SRX340, SRX345, SRX380, SRX1500, SRX4100, SRX4200, SRX4600, SRX550HM, SRX5400, SRX5600, SRX5800, and vSRX3.0)—Starting in Junos OS 23.1R1 Release, you can:

Configure the following authentication methods in Juniper Secure Connect:
- EAP-MSCHAPv2 (Username & Password)
- EAP-TLS (Certificate)
- Pre-shared Key (Username & Password)
Configure the following authentication method in NCP Exclusive Client:
- EAP Based
- Pre-shared Key (Username & Password)

[See Create a Remote Access VPN—Juniper Secure Connect.]

Support for connection profile and IKE ID (SRX300, SRX320, SRX340, SRX345, SRX380, SRX1500, SRX4100, SRX4200, SRX4600, SRX550HM, SRX5400, SRX5600, SRX5800, and vSRX3.0)—Starting in Junos OS 23.1R1 Release:

We've renamed the Remote Access column to connection profile in the landing pages of Network > VPN > IPsec VPN and Monitor > Network > IPsec VPN.
You can configure the connection profile in the fully qualified domain name (FQDN) or FQDN/Realm format. Using this connection profile, the SRX device automatically gets the IKE ID. If you change the input for the connection profile, the SRX device automatically gets the updated IKE ID.

[See Create a Remote Access VPN—NCP Exclusive Client.]