July 17, 2024 Release
Secure Edge New Features: July 17, 2024
Monitor
Secure Edge reports—You can see information about the logs that are sent to an external security information and event management (SIEM) server, such as how many log streaming licenses are assigned and used and how much data is streamed in logs, in the Secure Edge reports. [See About the Secure Edge Reports Page.]
Identity
Authentication frequency settings—You can now decide when users’ web browser cookies expire by configuring how frequently users must authenticate their access to Juniper Secure Edge. This configuration gives you control over users' access to the portal. [See About the Authentication Settings Page.]
Security Subscriptions
CASB inline cloud application—You can configure rules to control activities on the cloud applications for a Cloud Access Security Broker (CASB) profile. Juniper Secure Edge supports the following newly added cloud applications and features:
-
Amazon EFS—Login, Upload, Download, Create, Delete, and Edit
-
Amazon S3—Login, Upload, Download, Create, and Delete
-
GitHub—Login, Upload, Download, Create, View, and CreateRepo
-
Microsoft OneDrive Personal—Login, Upload, Download, and Share
-
Microsoft Teams—Chat, Audio/Video, and File Transfer
[See Add Rules to a CASB Profile.]
CASB profile rules—You can now:
-
Click the application/application group name, activities, or application instances on the CASB Rules page to view the details on the configured activities and application instances.
-
Select either Cloud application group or Cloud applications under Cloud Applications on the CASB Rules page.
[See About the CASB Rules Page and Add Rules to a CASB Profile.]
Service Management
Protected networks using address groups in sites—You can now give access to groups of IP addresses as protected networks while creating a new site, in addition to specifying IP address ranges. You can also create new address groups to include them in the new site. This new option enables you to add protected networks based on address groups rather than manually adding IP addresses or IP address ranges. [See Create a Site.]
Integrating Mist with Juniper Security Director Cloud —Customer administrators can now configure tunnel keepalives between customer-premises equipment (CPE) and Juniper Secure Edge from the Mist console. After you enable an external probe for a site, Juniper Secure Edge automatically creates a shared address object and a security firewall policy that allows the probes to pass through. [See About the External Probe Page.]
Administration
Log compression before streaming—You can now choose to compress logs using GZip before streaming the logs to Microsoft Azure. To use this feature, you must select the Azure Logic App SIEM server connection type in a log stream. [See Add a Log Stream.]
Back up logs at a cloud-based location—You can now configure a cloud-based location where your SRX Series Firewall and Secure Edge logs are backed up. Only paid subscribers with a Juniper Security Director Cloud, a Juniper Secure Edge, or a storage license can use this backup option. [See About the Organization Page.]
API security—Customer administrators can now allow specified users to access protected services or resources using access tokens. Log in to the Juniper Security Director Cloud portal, navigate to Administration > API Security, and configure API security. We currently support the API key and OAuth token security mechanisms.
Juniper Secure Edge supports Swagger 2.0 REST API specifications in JSON format. To access the Swagger API specification, open a web browser and enter https://base-url/sd-swagger/, where base-url is the root address of the website or application. You can access APIs for the following functions:
-
Identity and access management (IAM)
-
PAC Manager
-
Service Location
-
Sites
While IAM APIs are available to both Juniper Secure Edge customers and SRX Series firewall customers, PAC Manager, Service location, and Sites APIs are available only to the Juniper Secure Edge customers.
[See About the API Security Page.]