Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

profile (Juniper Secure Connect)

Syntax

Hierarchy Level

Description

Configure remote user connection profiles for the Juniper Secure Connect clients.

The remote access profiles allow you to deploy connection settings for the remote users by pushing the configuration file on the client devices. You can create multiple profiles and set one of the profiles as the default profile.

Note:

Starting in Junos OS Release 23.1R1, we’ve hidden the default-profile option at the [edit security remote-access] hierarchy level. In releases before Junos OS Release 23.1R1, you use this option to specify one of the remote-access profiles as the default profile in Juniper Secure Connect. But with changes to the format of remote-access profile names, we no longer require the default-profile option.

We’ve deprecated default-profile option—rather than immediately removing it—to provide backward compatibility and a chance to make your existing configuration conform to the changed configuration. You’ll receive a warning message if you continue to use the default-profile option in your configuration. However existing deployments are not affected if you modify the current configuration. See default-profile (Juniper Secure Connect).

Each remote access profile includes a realm-name mapping to a URL either in FQDN/RealmName or FQDN format, authentication settings, VPN settings, and client configurations. You can create different remote access profiles for different names or functions.

Example—You can create a configuration profile for the engineering department, and another for the human resource department. You name the profile for engineering department and human resource department as ra.example.com/engineering and ra.example.com/hr respectively.

When a Juniper Secure connect remote user selects a connection profile such as ra.example.com/engineering, the SRX Series Firewall receives the configuration request and selects a remote-access profile with same name —that is—ra.example.com/engineering for pushing the configuration on client device.

Options

realm-name

Set realm-name as remote-access profile name. This is the profile identifier in FQDN/RealmName format.

Examples:

ra.example.com/hr, if FQDN is ra.example.com and Realm name is hr.

ra.example.com/engineering, if FQDN is ra.example.com and Realm name is engineering.

ra.example.com, if FQDN is ra.example.com and Realm name is empty.

Specify an IP address if you do not have an FQDN (192.168.1.10/hr or 192.168.1.10).

access-profile

Select the access profile for authentication and accounting for clients.

client-config

Select the client configuration object.

compliance

Select pre-logon compliance rule object name.

description

Text description of the remote access profile.

ipsec-vpn

Select the IPsec VPN policy object used for IKE and IPsec proposals.

multi-access

Set to allow an user to connect from multiple devices.

user-domain

(Optional) Specify a VPN user domain alias name.

When you associate an IPsec VPN object with two different remote access profiles, you must use the same domain alias name in those remote access profiles. You must not configure different domain alias names for the different remote access profiles that use the same IPsec VPN object.

Required Privilege Level

security

Release Information

Statement introduced in Junos OS Release 20.3R1.

compliance option added in Junos OS Release 23.1R1.

Realms format changed to FQDN/RealmName or FQDN in Junos OS Release 23.1R1.

user-domain option added in Junos OS Release 24.4R1.