Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

close
keyboard_arrow_left
Junos CLI Reference
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
keyboard_arrow_right

remote-access (Juniper Secure Connect)

date_range 20-Nov-23

Syntax

content_copy zoom_out_map
remote-access {
    client-config name {
        application-bypass {
            term name {
                description description;
                protocol protocol;
                domain-name domain-name 
     }
}
        biometric-authentication;
        certificate {
            no-expiry-warning;
            no-pin-request-per-connection;
            warn-before-expiry days;
        }
        connection-mode (always | manual);
        dead-peer-detection {
            interval seconds;
            threshold threshold;
        }
        no-dead-peer-detection;
        no-eap-tls;
        no-tcp-encap;
        windows-logon {
            auto-dialog-open;
            disconnect-at-logoff;
            domain domain;
            eap-auth;
            flush-credential-at-logoff;
            lead-time-duration seconds;
            mode (automatic | manual);
        }
    }
    compliance
        pre-logon name {
        term term-name {
             match {
                 platform {
                    (android | ios | macos | windows) {
                        (app-version | os-version) {
                            (equal | greater-than | greater-than-or-equal | less-than | less-than-or-equal) version; 
                    }
                }
            }
                hostname value;
                ms-domain value;
                ms-workgroup value;
                deviceid value;
            }
             action (accept | reject);
    }
}
    default-profile default-profile;             
    global-options {
        auth-token-valid-time seconds;                
    }
    profile realm-name {
        access-profile access-profile;                
        client-config client-config;
        compliance {
            pre-logon compliance-rule;
        description description;
        ipsec-vpn ipsec-vpn;                
    }
    traceoptions {
        file <filename> <files files> <match match> <size size> <(world-readable | no-world-readable)>;
        flag name;
        level (brief | detail | extensive | verbose);
        no-remote-trace;
    }
}

Hierarchy Level

content_copy zoom_out_map
[edit security]

Description

Configure remote access settings.

You must configure the remote client settings on SRX Series Firewall to facilitate auto configuration for Juniper Secure Connect remote clients.

When a remote client downloads Juniper Secure Connect application, the application establishes an HTTPS connection with the security device. All authenticated clients fetch the configuration file from the security device and establish a VPN tunnel. This step eliminates the need for the remote clients to configure parameters for certificate identifier parameters, remote access client settings, and IKE and IPsec parameters on their device to establish a VPN connection.

Options

client-config

Define Juniper Secure Connect remote client configuration parameters.

compliance

Configure the compliance rules for the Juniper Secure Connect client’s connection request

default-profile

Configure default profile. On your security device, you must specify one of the remote-access profiles as the default profile.

Note:

Starting in Junos OS Release 23.1R1, we’ve hidden the default-profile option at the [edit security remote-access] hierarchy level. In releases before Junos OS Release 23.1R1, you use this option to specify one of the remote-access profiles as the default profile in Juniper Secure Connect. But with changes to the format of remote-access profile names, we no longer require the default-profile option.

We’ve deprecated default-profile option—rather than immediately removing it—to provide backward compatibility and a chance to make your existing configuration conform to the changed configuration. You’ll receive a warning message if you continue to use the default-profile option in your configuration. However existing deployments are not affected if you modify the current configuration. See default-profile (Juniper Secure Connect).

global-options

Define global parameters for Juniper Secure Connect remote access configuration.

profile

Configure remote user connection profiles for the Juniper Secure Connect clients.

traceoptions

Configure remote access tracing operations for Juniper Secure Connect.

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

security

Release Information

Statement introduced in Junos OS Release 20.3R1.

Support for prelogon compliance rule is added in Junos OS Release 23.1R1.

Support for application bypass is added in Junos OS Release 23.1R1.

Usage of default-profile options is not allowed starting Junos OS Release 23.1R1.

external-footer-nav