VPNs
-
Introduction of prelogon compliance checks (SRX Series and vSRX 3.0)—In Junos OS Release 23.1R1, we introduce prelogon compliance for Juniper Secure Connect. This functionality validates the current status of a connecting client device prior to the authentication (that is, before user's login). You can configure different match criteria on the SRX Series firewall to allow or reject client devices.
You can configure this feature using the statement
compliance pre-logon nameat:-
[edit security remote-access]hierarchy level to configure prelogon compliance rules. -
[edit security remote-access profile realm-name]hierarchy level to associate a prelogon compliance rule to the remote-access profile.
[See prelogon compliance checks.]
-
-
Support for application bypass in Juniper Secure Connect (SRX Series and vSRX 3.0)—Starting in Junos OS Release 23.1R1, you can use Juniper Secure Connect to send specific application traffic directly to its destination instead of passing it through the VPN tunnel. You can accomplish this functionality by specifying domain names and protocols for the specified applications that would bypass the VPN tunnel. The bypass feature simplifies the administrator and end-user experience.
When you configure the application bypass feature and establish a remote-access VPN tunnel, the configuration automatically enables a stateful firewall rule rejecting incoming connections on other adapters, which prevents the device from becoming a bastion host.
You can configure this feature on SRX Series firewalls and on vSRX 3.0 virtual firewalls by using
application-bypassat the [edit security remote-access client-config name] hierarchy level.[See Application Bypass.]
-
Support for multiple certificates and multiple domains (SRX Series and vSRX 3.0)—Starting in Junos OS Release 23.1R1, with support for multiple certificates and multiple domains, we now allow Juniper Secure Connect connection profiles with different URLs without any certificate warning.