profile (Juniper Secure Connect)
Syntax
profile realm-name {
    access-profile access-profile;
    client-config client-config;
    compliance {
        pre-logon compliance-rule;
    }
    description description;
    ipsec-vpn ipsec-vpn;
    options {
        multi-access;
        user-domain user-domain;
    }
}
Hierarchy Level
[edit security remote-access]
Description
Configure remote user connection profiles for the Juniper Secure Connect clients.
The remote access profiles allow you to deploy connection settings for the remote users by pushing the configuration file on the client devices. You can create multiple profiles and set one of the profiles as the default profile.
Starting in Junos OS Release 23.1R1, we’ve hidden the default-profile option at the [edit security remote-access] hierarchy level. In releases before Junos OS Release 23.1R1, you use this option to specify one of the remote-access profiles as the default profile in Juniper Secure Connect. But with changes to the format of remote-access profile names, we no longer require the default-profile option.
We’ve deprecated the default-profile option, rather than immediately removing it, to provide backward compatibility and a chance to make your existing configuration conform to the changed configuration. You’ll receive a warning message if you continue to use the default-profile option in your configuration. However, existing deployments are not affected if you modify the current configuration. See default-profile (Juniper Secure Connect).
Each remote access profile includes a realm-name mapping to a URL either in FQDN/RealmName or FQDN format, authentication settings, VPN settings, and client configurations. You can create different remote access profiles for different names or functions.
Example: You can create one configuration profile for the engineering department and another for the human resources department, and name them ra.example.com/engineering and ra.example.com/hr respectively.
When a Juniper Secure Connect remote user selects a connection profile such as ra.example.com/engineering, the SRX Series Firewall receives the configuration request and selects the remote-access profile with the same name, ra.example.com/engineering, to push the configuration to the client device.
Options
realm-name
Set realm-name as the remote-access profile name. This is the profile identifier in FQDN/RealmName format. Examples: ra.example.com/hr, if the FQDN is ra.example.com and the realm name is hr; ra.example.com/engineering, if the FQDN is ra.example.com and the realm name is engineering; ra.example.com, if the FQDN is ra.example.com and the realm name is empty. Specify an IP address if you do not have an FQDN (192.168.1.10/hr or 192.168.1.10).
access-profile
Select the access profile for authentication and accounting for clients.
client-config
Select the client configuration object.
compliance
Select the pre-logon compliance rule object name.
description
Text description of the remote access profile.
ipsec-vpn
Select the IPsec VPN policy object used for IKE and IPsec proposals.
multi-access
Set to allow a user to connect from multiple devices.
user-domain
(Optional) Specify a VPN user domain alias name. When you associate an IPsec VPN object with two different remote access profiles, you must use the same domain alias name in those remote access profiles. You must not configure different domain alias names for the different remote access profiles that use the same IPsec VPN object.
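The naming and user-domain rules above can be checked before a commit. The following is an added example, not Juniper code: a small audit over set-format configuration lines that flags use of default-profile, profile names not in FQDN/RealmName or FQDN form, and different user-domain aliases on profiles that share an IPsec VPN object. The object names (ap-eng, vpn-shared, and so on) are hypothetical, the name pattern is a heuristic, and only explicitly configured aliases are compared.

```python
import re
from collections import defaultdict

# Constructed sample configuration; all object names are hypothetical.
SAMPLE = """\
set security remote-access profile ra.example.com/engineering access-profile ap-eng
set security remote-access profile ra.example.com/engineering client-config cc-eng
set security remote-access profile ra.example.com/engineering ipsec-vpn vpn-shared
set security remote-access profile ra.example.com/engineering options user-domain eng
set security remote-access profile ra.example.com/hr access-profile ap-hr
set security remote-access profile ra.example.com/hr ipsec-vpn vpn-shared
set security remote-access profile ra.example.com/hr options user-domain hr
set security remote-access profile legacy ipsec-vpn vpn-old
set security remote-access default-profile legacy
"""

PREFIX = "set security remote-access "
# Heuristic (assumption): dotted host name or IPv4 address, optional /RealmName.
REALM_RE = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+(/[^/\s]+)?$")

def audit(config):
    profiles = defaultdict(dict)   # profile name -> {statement: value}
    findings = []
    for line in config.splitlines():
        if not line.startswith(PREFIX):
            continue
        words = line[len(PREFIX):].split() or [""]
        if words[0] == "default-profile":
            findings.append("default-profile is deprecated (hidden from 23.1R1)")
        elif words[0] == "profile" and len(words) >= 2:
            stmts, rest = profiles[words[1]], words[2:]
            if rest[:1] == ["options"]:   # user-domain lives under options
                rest = rest[1:]
            if len(rest) >= 2:            # flag-only leaves (multi-access) skipped
                stmts[rest[0]] = rest[1]
    for name in profiles:
        if not REALM_RE.match(name):
            findings.append(f"{name}: not in FQDN/RealmName or FQDN format")
    by_vpn = defaultdict(dict)     # ipsec-vpn object -> {profile: alias}
    for name, stmts in profiles.items():
        if "ipsec-vpn" in stmts and "user-domain" in stmts:
            by_vpn[stmts["ipsec-vpn"]][name] = stmts["user-domain"]
    for vpn, aliases in by_vpn.items():
        if len(set(aliases.values())) > 1:
            findings.append(f"{vpn}: different user-domain aliases {sorted(aliases.items())}")
    return findings
```

Calling audit(SAMPLE) returns three findings: the default-profile statement, the profile named legacy, and the eng/hr alias mismatch on vpn-shared.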
Required Privilege Level
security
Release Information
Statement introduced in Junos OS Release 20.3R1.
compliance option added in Junos OS Release 23.1R1.
Realms format changed to FQDN/RealmName or FQDN in Junos OS Release 23.1R1.
user-domain option added in Junos OS Release 24.4R1.