- play_arrow Junos OS Release Notes for ACX Series
- play_arrow Junos OS Release Notes for cRPD
- play_arrow Junos OS Release Notes for cSRX
- play_arrow Junos OS Release Notes for EX Series
- play_arrow Junos OS Release Notes for JRR Series
- play_arrow Junos OS Release Notes for MX Series
- play_arrow What's New
- EVPN
- High Availability
- Interfaces
- Junos Telemetry Interface
- Licensing
- MPLS
- Network Address Translation (NAT)
- Network Management and Monitoring
- Precision Time Protocol (PTP)
- Routing Protocols
- Securing GTP and SCTP Traffic
- Source Packet Routing in Networking (SPRING) or Segment Routing
- Subscriber Management and Services
- VPNs
- Additional Features
- What's Changed
- Known Limitations
- Open Issues
- Resolved Issues
- Migration, Upgrade, and Downgrade Instructions
- play_arrow Junos OS Release Notes for NFX Series
- Junos OS Release Notes for PTX Series
- play_arrow Junos OS Release Notes for QFX Series
- play_arrow Junos OS Release Notes for SRX Series
- play_arrow What's New
- Authentication and Access Control
- Chassis Cluster-specific
- Flow-based and Packet-based Processing
- Intrusion Detection and Prevention
- J-Web
- Licensing
- Network Address Translation (NAT)
- Network Management and Monitoring
- Securing GTP and SCTP Traffic
- Software Installation and Upgrade
- Content Security
- VPNs
- What's Changed
- Known Limitations
- Open Issues
- Resolved Issues
- Migration, Upgrade, and Downgrade Instructions
- play_arrow Junos OS Release Notes for vMX
- play_arrow Junos OS Release Notes for vRR
- play_arrow Junos OS Release Notes for vSRX
- Licensing
- Finding More Information
- Requesting Technical Support
- Revision History
What's Changed
Learn about what changed in this release for Juniper Secure Connect.
VPNs
Change format of remote-access profile names (SRX Series and vSRX 3.0)—Starting in Junos OS Release 23.1R1, we’ve changed the format of remote-access profile names to enhance end-user experience using Juniper Secure Connect. In releases before Junos OS Release 23.1R1, you configure the remote-access profile name using the realm name at the [
edit security remote-access profile realm-name] hierarchy level. But with organizations connecting to several gateways, using the remote-access profile names, such as hr, multiple times in the remote-access connection profile becomes unmanageable.To address this issue, we introduce a new convention for configuring remote-access profile names. You can now configure profile names with URLs using any of the following formats at the [
edit security remote-access profile realm-name] hierarchy level, so that end users can connect to the relevant gateway:FQDN/RealmName
FQDN
IP address/RealmName
IP address
For example, you can now use ra.example.com/hr, ra1.example.com/hr and ra.example.com as realm names.
With the introduction of this convention, we need to deprecate the existing
default-profileoption at the [edit security remote-access] hierarchy level. Your remote-access profiles names will refer to URLs either with an FQDN or with an IP address, depending on how the end users would connect—for example, ra.example.com/hr, ra.example.com, 192.168.1.10/hr or 192.168.1.10. With this change, the end user will now see the connection profile name in the Juniper Secure Connect application as ra.example.com/hr instead of hr, as was the case in earlier releases.In existing deployments, to ensure a smooth transition with this change, we recommend that you modify the profile name hr in the current configuration to ra.example.com/hr or 192.168.1.10/hr at the [
edit] hierarchy level using the follow commands -- content_copy zoom_out_map
user@host# rename security remote-access profile hr to profile ra.example.net/hr
- content_copy zoom_out_map
user@host# rename security remote-access profile hr to profile 192.168.1.10/hr
Unavailability of
default-profileoption for remote-access VPN solution (SRX Series and vSRX 3.0)—Starting in Junos OS Release 23.1R1, we’ve hidden thedefault-profileoption at the [edit security remote-access] hierarchy level. In releases before Junos OS Release 23.1R1, you use this option to specify one of the remote-access profiles as the default profile in Juniper Secure Connect. But with changes to the format of remote-access profile names, we no longer require thedefault-profileoption.We’ve deprecated the
default-profileoption—rather than immediately removing it—to provide backward compatibility and a chance to make your existing configuration conform to the changed configuration. You’ll receive a warning message if you continue to use thedefault-profileoption in your configuration. However, modifying the current configuration does not affect existing deployments.In existing deployments, to ensure a smooth transition with this change, we recommend that you modify the profile name in the current configuration hr to ra.example.com/hr or 192.168.1.10/hr at the [
edit] hierarchy level using the following commands -- content_copy zoom_out_map
user@host# rename security remote-access profile hr to profile ra.example.net/hr
- content_copy zoom_out_map
user@host# rename security remote-access profile hr to profile 192.168.1.10/hr
For new configurations, consider the following scenarios to create a new remote-access profile based on how your end users connect using the Juniper Secure Connect application:
If your end users connect using an IP address, specify the IP address in the profile name.
If your end users connect using an FQDN, specify the FQDN in the profile name.
If you need to separate users with different realm values such as hr, append /hr to the IP address or FQDN as follows:
[
edit security remote-access profile ra.example.net/hr][
edit security remote-access profile 192.168.1.10/hr]
