What's Changed
Learn about what changed in this release for Juniper Secure Connect.
VPNs
- Change format of remote-access profile names (SRX Series and vSRX 3.0)—Starting in Junos OS Release 23.1R1, we’ve changed the format of remote-access profile names to enhance end-user experience using Juniper Secure Connect. In releases before Junos OS Release 23.1R1, you configure the remote-access profile name using the realm name at the [edit security remote-access profile realm-name] hierarchy level. But with organizations connecting to several gateways, using the remote-access profile names, such as hr, multiple times in the remote-access connection profile becomes unmanageable.
  To address this issue, we introduce a new convention for configuring remote-access profile names. You can now configure profile names with URLs using any of the following formats at the [edit security remote-access profile realm-name] hierarchy level, so that end users can connect to the relevant gateway:
  - FQDN/RealmName
  - FQDN
  - IP address/RealmName
  - IP address
  For example, you can now use ra.example.com/hr, ra1.example.com/hr and ra.example.com as realm names.
  With the introduction of this convention, we need to deprecate the existing default-profile option at the [edit security remote-access] hierarchy level. Your remote-access profile names will refer to URLs either with an FQDN or with an IP address, depending on how the end users would connect—for example, ra.example.com/hr, ra.example.com, 192.168.1.10/hr or 192.168.1.10. With this change, the end user will now see the connection profile name in the Juniper Secure Connect application as ra.example.com/hr instead of hr, as was the case in earlier releases.
  In existing deployments, to ensure a smooth transition with this change, we recommend that you modify the profile name hr in the current configuration to ra.example.com/hr or 192.168.1.10/hr at the [edit] hierarchy level using the following commands:
  - user@host# rename security remote-access profile hr to profile ra.example.net/hr
  - user@host# rename security remote-access profile hr to profile 192.168.1.10/hr
- Unavailability of default-profile option for remote-access VPN solution (SRX Series and vSRX 3.0)—Starting in Junos OS Release 23.1R1, we’ve hidden the default-profile option at the [edit security remote-access] hierarchy level. In releases before Junos OS Release 23.1R1, you use this option to specify one of the remote-access profiles as the default profile in Juniper Secure Connect. But with changes to the format of remote-access profile names, we no longer require the default-profile option.
  We’ve deprecated the default-profile option—rather than immediately removing it—to provide backward compatibility and a chance to make your existing configuration conform to the changed configuration. You’ll receive a warning message if you continue to use the default-profile option in your configuration. However, modifying the current configuration does not affect existing deployments.
  In existing deployments, to ensure a smooth transition with this change, we recommend that you modify the profile name hr in the current configuration to ra.example.com/hr or 192.168.1.10/hr at the [edit] hierarchy level using the following commands:
  - user@host# rename security remote-access profile hr to profile ra.example.net/hr
  - user@host# rename security remote-access profile hr to profile 192.168.1.10/hr
  For new configurations, consider the following scenarios to create a new remote-access profile based on how your end users connect using the Juniper Secure Connect application:
  - If your end users connect using an IP address, specify the IP address in the profile name.
  - If your end users connect using an FQDN, specify the FQDN in the profile name.
  - If you need to separate users with different realm values such as hr, append /hr to the IP address or FQDN as follows:
    - [edit security remote-access profile ra.example.net/hr]
    - [edit security remote-access profile 192.168.1.10/hr]
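The following Python script is an added example, not Juniper tooling: it classifies remote-access profile names against the four formats listed above and, for a configuration in set format, produces the rename commands shown on this page for legacy realm-only names while flagging any remaining default-profile statement. The sample configuration, the character rules for FQDN and realm, and the function names classify and audit are assumptions.

```python
import ipaddress
import re

# Assumptions: an FQDN has two or more labels; a realm is one alphanumeric token.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
FQDN_RE = re.compile(rf"{LABEL}(?:\.{LABEL})+")
REALM_RE = re.compile(r"[A-Za-z0-9_-]+")
STMT_RE = re.compile(
    r"^\s*set security remote-access (profile|default-profile) (\S+)", re.M)

# Constructed sample in "set" display format (not from a real device).
SAMPLE = """\
set security remote-access profile hr ipsec-vpn VPN1
set security remote-access profile ra.example.com/sales ipsec-vpn VPN2
set security remote-access default-profile hr
"""

def classify(name):
    """Return the 23.1R1 name format used, or 'legacy' / 'invalid'."""
    host, sep, realm = name.partition("/")
    if sep and not REALM_RE.fullmatch(realm):
        return "invalid"
    try:
        ipaddress.ip_address(host)
        kind = "IP address"
    except ValueError:
        if re.fullmatch(r"[0-9.]+", host):
            return "invalid"  # malformed dotted quad, not a hostname
        if not FQDN_RE.fullmatch(host):
            return "legacy" if not sep and REALM_RE.fullmatch(host) else "invalid"
        kind = "FQDN"
    return kind + ("/RealmName" if sep else "")

def audit(config_text, gateway):
    """Return (rename commands, warnings) for a set-format configuration."""
    renames, warnings, seen = [], [], set()
    for stmt, name in STMT_RE.findall(config_text):
        if stmt == "default-profile":
            warnings.append(f"default-profile {name}: option deprecated in 23.1R1")
        elif name not in seen:  # a profile spans many set lines; report it once
            seen.add(name)
            kind = classify(name)
            if kind == "legacy":
                renames.append(f"rename security remote-access profile {name} to profile {gateway}/{name}")
            elif kind == "invalid":
                warnings.append(f"profile {name}: not one of the four supported formats")
    return renames, warnings

if __name__ == "__main__":
    print(audit(SAMPLE, "ra.example.com"))
```

Pass the FQDN or IP address that end users actually enter in Juniper Secure Connect as the gateway argument, since the renamed profile is what they will see in the application.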