February 26, 2024 Release
Juniper Security Director Cloud New Features: February 26, 2024
General
Japanese language support—You can now view the GUI on the Juniper Security Director Cloud portal in the Japanese language. To see the GUI in the Japanese language, go to http://sdcloud.juniperclouds.net, select the Japanese language from the Set Language drop-down menu, and log in with your credentials.
SSO with SAML 2.0—Juniper Security Director Cloud supports single sign-on (SSO) with the SAML 2.0 protocol. SSO is an authentication method that you can use to securely log in to multiple applications and websites with a single set of credentials.
You can configure SSO to sign in to the Juniper Security Director Cloud portal using external identity providers (IdPs) such as Okta or Microsoft Azure. [See Single Sign-On Configuration Overview.]
Security Subscriptions
Support for Juniper NextGen Web filtering—Juniper NextGen intercepts the HTTP and HTTPS traffic and sends the URL or the destination IP address information to the Juniper NextGen Web Filtering (NGWF) Cloud. The SRX Series Firewall uses URL categorization and site reputation information from the NGWF Cloud to act on traffic.
To use this Web filtering option, you must have Junos OS Release 23.3R1 or later installed. Use these options on the Juniper Security Director Cloud portal to configure this Web filtering option:
- Engine Type and URL Categories fields on the Web Filtering Profiles page.
  Now, you can view Juniper NextGen in the Category column on the URL Categories page.
- Security Subscriptions field on the Security Policy Rules page.
- Web Filtering field on the Content Security Profiles page.
Shared Services
Global action for conflicts in imported addresses and services—You can now choose a global action to resolve conflicts between imported and existing addresses and services when you import them to Juniper Security Director Cloud in bulk. The global action can be configured to keep the existing addresses and services, create new addresses and services, or overwrite the existing addresses and services with the imported data. [See Import and Export Addresses and Import and Export Services.]
Secure Edge New Features: February 26, 2024
Security Subscriptions
CASB inline cloud application activity controls—You can configure rules to control activities on the cloud applications for a Cloud Access Security Broker (CASB) profile. Juniper Secure Edge now supports the following newly added cloud applications and features:
- Gmail—Login, Read, Compose, Send, Upload Attachment, and Download Attachment
- SharePoint—Login, Upload, Download, and Share
- Slack—Login, Chat, Audio/Video, and File Transfer
[See Add Rules to a CASB Profile.]
Service Management
Sites—You can now see a hierarchy-based structure on the Sites page (Secure Edge > Service Management > Sites). You can also perform the following tasks:
- Expand the specific site name to view details about the customer premises equipment (CPE) devices on the Sites page.
- Enable external probe settings when creating a site.
- Configure the following Traffic Forwarding settings:
  - Two or more CPE devices for a single site
  - External interfaces to CPE devices
  - One or more tunnels to a CPE device depending on the number of users per site
  - Tunnel type as either IPsec or GRE to forward the traffic
- Configure CPE routing settings such as the primary service location.
[See About the Sites Page.]
External Probe
External Probe—You can now configure the probe settings to enable external probe for a site. With this configuration, customer premises equipment (CPE) devices can monitor the tunnel health status. To navigate to the External Probe page, select Secure Edge > Service Management > External Probe.
Administration
Log streaming—With log streaming, you can now forward audit logs, session logs, and security events from Juniper Secure Edge Cloud to an external security information and event management (SIEM) system, such as Microsoft Sentinel, via webhook. On the Log Streaming page, you can configure the type of log to forward to the external SIEM system. [See About the Log Streaming Page.]
Additionally, you can create a log stream report. You can create a report for the current or previous month or the entire period of data transfer to the SIEM system. [See Create Log Streaming Report Definitions.]
Identity Management
User group retrieval from Microsoft Entra ID and Okta—You can now configure the identity provider (IdP) settings in Juniper Secure Edge to retrieve user group information from Microsoft Entra ID (previously known as Azure Active Directory) and Okta. Prior to this release, you had to deploy an on-premises Juniper® Identity Management Service (JIMS) collector to retrieve user group information from Active Directory.
To retrieve user group information, log in to the Juniper Security Director Cloud portal, navigate to Secure Edge > Identity > User Authentication > SAML, and enter the required information to configure the IdP. Juniper Secure Edge receives user group information from Microsoft Entra ID or Okta. You can use the user groups to manage security policies.
Juniper Security Director Cloud Bug Fixes: February 26, 2024
If you import and deploy your device security policy to the Security Director Cloud and this security policy already has a Web filtering profile assigned through a Content Security profile, then the associated Web filtering fallback action commands are deleted.
Perform the following steps to resolve this issue:
- Select SRX > Security Policy > SRX Policy > Import to import a security policy from your device that already has a Web filtering profile assigned through a Content Security profile.
- Select SRX > Security Subscriptions > Content Security > Web Filtering Profiles.
  The Web Filtering Profiles page appears, displaying the existing Web filtering profiles.
- Select the Web filtering profile that you want to edit and click the pencil icon.
  The Edit Web Filtering Profiles page opens.
- Modify the following Fallback Actions fields under Fallback Options:
  - Server connectivity
  - Timeout
  - Too many requests
- Click OK to save your changes.
  A confirmation message appears indicating the status of the edit operation.