Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Device Security

  • Pre-ID default policy enhancements (SRX Series Firewalls and vSRX Virtual Firewall)—Starting in Junos OS Release 23.4R1, the Pre-ID default policy (pre-id-default-policy) denies the flow before performing application identification (AppID) when there are no potential policies to permit the flow.

    When the device receives the first packet of a traffic flow, it performs a basic 5-tuple matching and checks the defined potential policies to determine how to treat the packet. If all potential policies have action as "deny", and the default policy action is also set to "deny", then the device denies the traffic and does not perform application identification.

    If any policy has action other than "deny", then the device performs deep packet inspection (DPI) to identify the application.

    The device checks for potential policies on both zone context and global context.

    See [ Pre-id-default-policy].
  • Security Policy Support for Explicit Web Proxy (SRX1500, SRX4100, SRX4200, SRX4600, and vSRX 3.0)—Starting in Junos OS Release 23.4R1, we support explicit web proxy profile security policy. The Juniper Networks® SRX Series Firewalls apply security enforcement based on the rules created in the explicit web proxy profile policy.

    The explicit proxy profile policy can enforce fine-grained rules to filter and inspect the web traffic.

    See [Explicit Web Proxy].

  • User authentication for Explicit Proxy (SRX1500, SRX4100, SRX4200, SRX4600, and vSRX 3.0)— Starting in Junos OS Release 23.4R1, we support firewall LDAP-based user authentication to control user access to the network for explicit web-proxy deployments. We support web authentication with web redirection and usage of captive portals.

    With explicit web proxy authentication in place, when a user first connects to the proxy server, the browser is prompted to provide their credentials. The explicit proxy then verifies the username and password with the LDAP server. If the credentials are valid, the proxy grants access to the client and stores their information in the database.

    See [Explicit Web Proxy].

  • Explicit Web Proxy support is available for on-premises deployment (SRX1500, SRX4100, SRX4200, SRX4600, and vSRX 3.0)—Starting in Junos OS Release 23.4R1, Explicit Web Proxy support is available for on-premises deployment use cases on the following platforms:

    SRX1500

    SRX4100

    SRX4200

    SRX4600

    vSRX3.0

    The Explicit Web Proxy feature and the configurations are available by default.

    SSL proxy support is required to enable SSL decryption service for explicit proxy sessions.

  • Security Services support (cSRX)—Starting in Junos OS Release 23.4R1, Juniper Networks® cSRX Container Firewall (cSRX) supports the following security services for roaming and on-premises users:

    • Content Security (UTM)—Configure, monitor, and manage the Content Security features to secure the network from viruses, malware, or malicious attachments and protect the users from security threats.
    • Intrusion Detection and Prevention (IDP)—Monitor the events occurring in your network, and selectively enforce various attack detection and prevention techniques on the network traffic that passes through the cSRX instances.
    • Juniper Networks Deep Packet Inspection (JDPI)—For deep packet inspection and classification of applications and associated protocol attributes.

    See [Content Security User Guide , Intrusion Detection and Prevention User Guide , and Juniper Networks JDPI ].