remote-access (Juniper Secure Connect)
Syntax
remote-access {
    client-config name {
        application-bypass {
            term name {
                description description;
                protocol protocol;
                domain-name domain-name;
            }
        }
        biometric-authentication;
        certificate {
            no-expiry-warning;
            no-pin-request-per-connection;
            warn-before-expiry days;
        }
        connection-mode (always | manual);
        dead-peer-detection {
            interval seconds;
            threshold threshold;
        }
        no-dead-peer-detection;
        no-eap-tls;
        no-tcp-encap;
        windows-logon {
            auto-dialog-open;
            disconnect-at-logoff;
            domain domain;
            eap-auth;
            flush-credential-at-logoff;
            lead-time-duration seconds;
            mode (automatic | manual);
        }
    }
    compliance pre-logon name {
        term term-name {
            match {
                platform {
                    (android | ios | macos | windows) {
                        (app-version | os-version) {
                            (equal | greater-than | greater-than-or-equal | less-than | less-than-or-equal) version;
                        }
                    }
                }
                hostname value;
                ms-domain value;
                ms-workgroup value;
                deviceid value;
            }
            action (accept | reject);
        }
    }
    default-profile default-profile;
    global-options {
        auth-token-valid-time seconds;
    }
    profile realm-name {
        access-profile access-profile;
        client-config client-config;
        compliance {
            pre-logon compliance-rule;
        }
        description description;
        ipsec-vpn ipsec-vpn;
    }
    traceoptions {
        file <filename> <files files> <match match> <size size> <(world-readable | no-world-readable)>;
        flag name;
        level (brief | detail | extensive | verbose);
        no-remote-trace;
    }
}
Hierarchy Level
[edit security]
Description
Configure remote access settings.
You must configure the remote client settings on the SRX Series Firewall to enable automatic configuration of Juniper Secure Connect remote clients.
When a remote client downloads the Juniper Secure Connect application, the application establishes an HTTPS connection with the security device. All authenticated clients fetch the configuration file from the security device and establish a VPN tunnel. This step eliminates the need for remote clients to configure certificate identifier parameters, remote access client settings, and IKE and IPsec parameters on their device to establish a VPN connection.
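The following is an added example, not taken from Juniper's documentation, showing how the statements in the syntax above fit together: a client configuration, a pre-logon compliance rule, and a profile that references both. Every name and value (JSC-CLIENT, JSC-PRELOGON, JSC-ACCESS, JSC-VPN, ra.example.com, the timers, and the version string and its format) is a constructed placeholder, and the access profile and IPsec VPN are assumed to be defined elsewhere in the configuration.

```junos
# Constructed example for the [edit security] hierarchy.
# All names and values below are placeholders, not recommended settings.
remote-access {
    client-config JSC-CLIENT {
        # The user starts the tunnel manually rather than always-on.
        connection-mode manual;
        dead-peer-detection {
            interval 60;      # seconds (constructed value)
            threshold 5;      # constructed value
        }
    }
    compliance pre-logon JSC-PRELOGON {
        term windows-min-os {
            match {
                platform {
                    windows {
                        os-version {
                            # Version string format is an assumption.
                            greater-than-or-equal 10.0;
                        }
                    }
                }
            }
            action accept;
        }
    }
    profile ra.example.com {
        # Assumed to exist under [edit access profile].
        access-profile JSC-ACCESS;
        client-config JSC-CLIENT;
        compliance {
            pre-logon JSC-PRELOGON;
        }
        # Assumed to exist under [edit security ipsec vpn].
        ipsec-vpn JSC-VPN;
    }
}
```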
Options
client-config
    Define Juniper Secure Connect remote client configuration parameters.
compliance
    Configure the compliance rules for the Juniper Secure Connect client’s connection request.
default-profile
    Configure default profile. On your security device, you must specify one of the remote-access profiles as the default profile.
    Note: Starting in Junos OS Release 23.1R1, we’ve hidden the We’ve deprecated
global-options
    Define global parameters for Juniper Secure Connect remote access configuration.
profile
    Configure remote user connection profiles for the Juniper Secure Connect clients.
traceoptions
    Configure remote access tracing operations for Juniper Secure Connect.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security
Release Information
Statement introduced in Junos OS Release 20.3R1.
Support for pre-logon compliance rules was added in Junos OS Release 23.1R1.
Support for application bypass was added in Junos OS Release 23.1R1.
Usage of default-profile options is not allowed starting in Junos OS Release 23.1R1.