Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

VPNs

  • Support for native IPv6 in carrier-of-carrier VPNs (ACX Series, MX Series, and QFX Series)—Starting in Junos OS Release 23.1R1, you can configure LDP and IGPs using IPv6 addressing to support carrier-of-carriers VPNs. Junos OS supports native IPv6 prefix exchanges in the carrier-of-carriers deployments.

    [See Carrier-of-Carriers VPNs, LDP Native IPv6 Support Overview,, and LDP Configuration.]

  • Introduction of prelogon compliance checks (SRX Series and vSRX 3.0)—In Junos OS Release 23.1R1, we introduce prelogon compliance for Juniper Secure Connect. This functionality validates the current status of a connecting client device prior to the authentication (that is, before user's login). You can configure different match criteria on the SRX Series firewall to allow or reject client devices.

    You can configure this feature using the statement compliance pre-logon name at:

    • [edit security remote-access] hierarchy level to configure prelogon compliance rules.

    • [edit security remote-access profile realm-name] hierarchy level to associate a prelogon compliance rule to the remote-access profile.

    [See prelogon compliance checks.]

  • Passive mode tunneling support for MX-SPC3 (MX240, MX480 and MX960)—Starting in Junos OS Release 23.1R1, we support passive model tunneling on the MX-SPC3 Services Processing Card. You enable this feature to allow IPsec tunneling of malformed packets bypassing the usual active IP checks.

    [See Configuring IPsec VPN on MX-SPC3 Services Card.]

  • Support for application bypass in Juniper Secure Connect (SRX Series and vSRX 3.0)—Starting in Junos OS Release 23.1R1, you can use Juniper Secure Connect to send specific application traffic directly to its destination instead of passing it through the VPN tunnel. You can accomplish this functionality by specifying domain names and protocols for the specified applications that would bypass the VPN tunnel. The bypass feature simplifies the administrator and end-user experience.

    When you configure the application bypass feature and establish a remote-access VPN tunnel, the configuration automatically enables a stateful firewall rule rejecting incoming connections on other adapters, which prevents the device from becoming a bastion host.

    You can configure this feature on SRX Series firewalls and on vSRX 3.0 virtual firewalls by using application-bypass at the [edit security remote-access client-config name] hierarchy level.

    [See Application Bypass.]

  • Support for multiple certificates and multiple domains (SRX Series and vSRX 3.0)—Starting in Junos OS Release 23.1R1, with support for multiple certificates and multiple domains, we now allow Juniper Secure Connect connection profiles with different URLs without any certificate warning.

    [See Multiple certificates and domains support.]