Overview

SUMMARY Learn about Juniper Secure Connect, a secure remote access VPN solution, and its deployment using SRX Series Firewalls.

What Is Juniper Secure Connect?

With today’s modern, distributed workforce, organizations need to keep remote users connected and productive while ensuring business continuity and security. Organizations need to provide endpoint protection as part of a comprehensive and connected security strategy.

Juniper Secure Connect is a client-based SSL-VPN application that allows you to securely connect and access protected resources on your network. This application, when combined with SRX Series Firewalls, helps organizations quickly achieve dynamic, flexible, and adaptable connectivity from devices anywhere across the globe. Juniper Secure Connect extends visibility and enforcement from client to cloud using secure VPN connections.

The Juniper Secure Connect solution includes:

  • SRX Series Firewall—Serves as an entry and exit point for communication between users with Juniper Secure Connect and the protected resources on the corporate network or in the cloud.

  • Juniper Secure Connect application—Secures connectivity between the protected resources and the host clients running Microsoft Windows, Apple macOS and iOS/iPadOS, and Android operating systems. The Juniper Secure Connect application connects through a VPN tunnel to the SRX Series Firewall to gain access to the protected resources in the network.

Figure 1 illustrates the Juniper Secure Connect remote access solution for establishing secure VPN connectivity for remote users at different locations.

Figure 1: Juniper Secure Connect Remote Access Solution

This document is for system administrators who want to configure remote-access VPN for Juniper Secure Connect on SRX Series Firewalls. If you are a remote user, see the Juniper Secure Connect User Guide.

Benefits of Juniper Secure Connect

  • Secure remote access from anywhere with VPN

  • Simple user experience

  • Easy management of remote clients, policies, and VPN events from a single console (using J-Web)

Advantages of Juniper Secure Connect over Dynamic VPN

Dynamic VPN is a legacy offering from Juniper Networks. Read this topic to understand the differences between Juniper Secure Connect and Dynamic VPN, and why Juniper Secure Connect is preferred over Dynamic VPN.

Figure 2 shows the high-level comparison between Juniper Secure Connect and Dynamic VPN.

Figure 2: High-Level Feature Comparison Between Juniper Secure Connect and Dynamic VPN

Table 1 shows the differences in connection features between Dynamic VPN and Juniper Secure Connect on SRX Series Firewalls:

Table 1: Differences Between Dynamic VPN and Juniper Secure Connect on SRX Series Firewalls

| Connection Features | Dynamic VPN | Juniper Secure Connect |
| --- | --- | --- |
| Connection mode | IPsec mode | IPsec is the preferred mode. Juniper Secure Connect automatically changes the protocol to SSL-VPN when needed to bypass restrictive networks where IPsec traffic is blocked. |
| VPN connectivity mode | Policy-based VPN, which requires each firewall policy to define the connectivity and VPN establishment. | Route-based VPN connectivity. Allows you to define fine-grained firewall policies, including other services such as Advanced Threat Prevention (ATP) Cloud, User Firewall, and so on. |

Note:

Because Juniper Secure Connect offers more benefits, we do not provide Dynamic VPN as a solution for remote access VPN deployment. While we plan to discontinue support for Dynamic VPN, we recommend that you migrate existing Dynamic VPN deployments to Juniper Secure Connect. To migrate to Juniper Secure Connect, see Migrating from Junos OS Dynamic VPN to Juniper Secure Connect.

Deployment Scenario for Juniper Secure Connect

Figure 3 shows the deployment scenario for Juniper Secure Connect. Ensure that you adjust the configuration values to match your environment.

Figure 3: Deployment Scenario for Juniper Secure Connect

For traffic to flow correctly, you can either include a route in the protected network that directs traffic for the IP addresses you assign to the clients to the SRX Series Firewall, or NAT all client traffic coming into the protected networks.

Note:

You must ensure that the SRX Series Firewall uses either a signed certificate or a self-signed certificate instead of the default system-generated certificate. Before you start configuring Juniper Secure Connect, it is important that you read the instructions in Prerequisites for Deploying Juniper Secure Connect.