Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Overview

SUMMARY Learn about Juniper Secure Connect, a secure remote access VPN solution, and its advantages over dynamic VPN.

What Is Juniper Secure Connect?

With today’s modern, distributed workforce, organizations need to keep remote users connected and productive while ensuring business continuity and security. Organizations need to provide endpoint protection as part of a comprehensive and connected security strategy.

Juniper Secure Connect is a client-based SSL-VPN application that allows you to securely connect and access protected resources on your network. This application, when combined with SRX Series Services Gateways, helps organizations quickly achieve dynamic, flexible, and adaptable connectivity from devices anywhere across the globe. Juniper Secure Connect extends visibility and enforcement from client to cloud using secure VPN connections.

Juniper Secure Connect solution includes:

  • SRX Series firewall—Serves as an entry and exit point for communication between users with Juniper Secure Connect and the protected resources on the corporate network or in the cloud.

  • Juniper Secure Connect application—Secures connectivity between the protected resources and the host clients running Microsoft Windows, Apple macOS, Google Android, and iOS operating systems. The Juniper Secure Connect application connects through a VPN tunnel to the SRX Series firewall to gain access to the protected resources in the network.

Figure 1 illustrates the Juniper Secure Connect remote access solution for establishing secure VPN connectivity for remote users at different locations.

Figure 1: Juniper Secure Connect Remote Access SolutionJuniper Secure Connect Remote Access Solution

This document is for system administrators who want to configure remote-access VPN for Juniper Secure Connect on SRX Series devices. If you are a remote user, see Juniper Secure Connect User Guide.

Benefits of Juniper Secure Connect

  • Secure remote access from anywhere with VPN

  • Simple user experience

  • Easy management of remote clients, policies, and VPN events from a single console (using J-Web)

Feature Support Comparison Between Juniper Secure Connect and Dynamic VPN

This topic describes the differences between Juniper Secure Connect and dynamic VPN.

Figure 2 shows the high-level comparison between Juniper Secure Connect and dynamic VPN.

Figure 2: High-Level Feature Comparison Between Juniper Secure Connect and Dynamic VPNHigh-Level Feature Comparison Between Juniper Secure Connect and Dynamic VPN

Table 1 shows the connection feature related differences between dynamic VPN and Juniper Secure Connect on SRX Series devices:

Table 1: Differences Between Dynamic VPN and Juniper Secure Connect on SRX Series devices

Connection Features

Dynamic VPN

Juniper Secure Connect

Connection mode

IPsec mode

IPsec is the preferred mode.

Juniper Secure Connect automatically changes the protocol to SSL-VPN on need basis to bypass restrictive networks where IPsec traffic is blocked.

VPN connectivity mode

Policy-based VPN, which requires each firewall policy to define the connectivity and VPN establishment.

Route-based VPN connectivity.

Allows you to define fine granular firewall policies including other services, such as Advanced Threat Prevention (ATP) Cloud, User Firewall, and so on.

Deployment Scenario for Juniper Secure Connect

Figure 3 shows the deployment scenario for Juniper Secure Connect. Ensure you adjust the configuration values to map to your environment.

Figure 3: Deployment Scenario for Juniper Secure ConnectDeployment Scenario for Juniper Secure Connect

For traffic to flow correctly, you can either include a route in the protected network for the IP address that you assign to the clients directs to the SRX Series devices or NAT all client traffic coming into the protected networks.

Note:

You must ensure that the SRX Series device uses either a signed certificate or a self-signed certificate instead of the default system-generated certificate. Before you start configuring Juniper Secure Connect, it is important that you read the instructions in Prerequisites for Deploying Juniper Secure Connect.