Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

What's Changed

Learn about what changed in this release for Juniper Secure Connect.

VPNs

  • Change format of remote-access profile names (SRX Series and vSRX 3.0)—Starting in Junos OS Release 23.1R1, we’ve changed the format of remote-access profile names to enhance end-user experience using Juniper Secure Connect. In releases before Junos OS Release 23.1R1, you configure the remote-access profile name using the realm name at the [edit security remote-access profile realm-name] hierarchy level. But with organizations connecting to several gateways, using the remote-access profile names, such as hr, multiple times in the remote-access connection profile becomes unmanageable.

    To address this issue, we introduce a new convention for configuring remote-access profile names. You can now configure profile names with URLs using any of the following formats at the [edit security remote-access profile realm-name] hierarchy level, so that end users can connect to the relevant gateway:

    • FQDN/RealmName

    • FQDN

    • IP address/RealmName

    • IP address

    For example, you can now use ra.example.com/hr, ra1.example.com/hr and ra.example.com as realm names.

    With the introduction of this convention, we need to deprecate the existing default-profile option at the [edit security remote-access] hierarchy level. Your remote-access profiles names will refer to URLs either with an FQDN or with an IP address, depending on how the end users would connect—for example, ra.example.com/hr, ra.example.com, 192.168.1.10/hr or 192.168.1.10. With this change, the end user will now see the connection profile name in the Juniper Secure Connect application as ra.example.com/hr instead of hr, as was the case in earlier releases.

    In existing deployments, to ensure a smooth transition with this change, we recommend that you modify the profile name hr in the current configuration to ra.example.com/hr or 192.168.1.10/hr at the [edit] hierarchy level using the follow commands -

    [See profile (Juniper Secure Connect).]

  • Unavailability of default-profile option for remote-access VPN solution (SRX Series and vSRX 3.0)—Starting in Junos OS Release 23.1R1, we’ve hidden the default-profile option at the [edit security remote-access] hierarchy level. In releases before Junos OS Release 23.1R1, you use this option to specify one of the remote-access profiles as the default profile in Juniper Secure Connect. But with changes to the format of remote-access profile names, we no longer require the default-profile option.

    We’ve deprecated the default-profile option—rather than immediately removing it—to provide backward compatibility and a chance to make your existing configuration conform to the changed configuration. You’ll receive a warning message if you continue to use the default-profile option in your configuration. However, modifying the current configuration does not affect existing deployments.

    In existing deployments, to ensure a smooth transition with this change, we recommend that you modify the profile name in the current configuration hr to ra.example.com/hr or 192.168.1.10/hr at the [edit] hierarchy level using the following commands -

    For new configurations, consider the following scenarios to create a new remote-access profile based on how your end users connect using the Juniper Secure Connect application:

    • If your end users connect using an IP address, specify the IP address in the profile name.

    • If your end users connect using an FQDN, specify the FQDN in the profile name.

    • If you need to separate users with different realm values such as hr, append /hr to the IP address or FQDN as follows:

      • [edit security remote-access profile ra.example.net/hr]

      • [edit security remote-access profile 192.168.1.10/hr]

    [See default-profile (Juniper Secure Connect) .