Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Announcement: Try the Ask AI chatbot for answers to your technical questions about Juniper products and solutions.

close
external-header-nav
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Explore Pathfinder Apps
CLI Explorer
Feature Explorer
Hardware Compatibility Tool
Port Checker
Browse All
Collapse

Pathfinder Apps

All

By Software

By Hardware

Learn More
Pathfinder HomeCLI ExplorerCompliance AdvisorFeature ExplorerHardware Compatibility ToolJunos XML API ExplorerJunos YANG Data Model ExplorerPort CheckerPower CalculatorSNMP MIB ExplorerSystem Log Explorer
CLI ExplorerFeature ExplorerJunos XML API ExplorerJunos YANG Data Model ExplorerSNMP MIB ExplorerSystem Log Explorer
Compliance AdvisorFeature ExplorerHardware Compatibility ToolPort CheckerPower Calculator
Home Documentation Junos OS Junos CLI Reference CLI Reference R

Junos CLI Reference

keyboard_arrow_up
close
keyboard_arrow_left
Junos CLI Reference
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

remote-access (Juniper Secure Connect)

date_range 20-Nov-23
arrow_backward
arrow_forward

Syntax

content_copy zoom_out_map
remote-access {
    client-config name {
        application-bypass {
            term name {
                description description;
                protocol protocol;
                domain-name domain-name 
     }
}
        biometric-authentication;
        certificate {
            no-expiry-warning;
            no-pin-request-per-connection;
            warn-before-expiry days;
        }
        connection-mode (always | manual);
        dead-peer-detection {
            interval seconds;
            threshold threshold;
        }
        no-dead-peer-detection;
        no-eap-tls;
        no-tcp-encap;
        windows-logon {
            auto-dialog-open;
            disconnect-at-logoff;
            domain domain;
            eap-auth;
            flush-credential-at-logoff;
            lead-time-duration seconds;
            mode (automatic | manual);
        }
    }
    compliance
        pre-logon name {
        term term-name {
             match {
                 platform {
                    (android | ios | macos | windows) {
                        (app-version | os-version) {
                            (equal | greater-than | greater-than-or-equal | less-than | less-than-or-equal) version; 
                    }
                }
            }
                hostname value;
                ms-domain value;
                ms-workgroup value;
                deviceid value;
            }
             action (accept | reject);
    }
}
    default-profile default-profile;             
    global-options {
        auth-token-valid-time seconds;                
    }
    profile realm-name {
        access-profile access-profile;                
        client-config client-config;
        compliance {
            pre-logon compliance-rule;
        description description;
        ipsec-vpn ipsec-vpn;                
    }
    traceoptions {
        file <filename> <files files> <match match> <size size> <(world-readable | no-world-readable)>;
        flag name;
        level (brief | detail | extensive | verbose);
        no-remote-trace;
    }
}

Hierarchy Level

content_copy zoom_out_map
[edit security]

Description

Configure remote access settings.

You must configure the remote client settings on SRX Series Firewall to facilitate auto configuration for Juniper Secure Connect remote clients.

When a remote client downloads Juniper Secure Connect application, the application establishes an HTTPS connection with the security device. All authenticated clients fetch the configuration file from the security device and establish a VPN tunnel. This step eliminates the need for the remote clients to configure parameters for certificate identifier parameters, remote access client settings, and IKE and IPsec parameters on their device to establish a VPN connection.

Options

client-config

Define Juniper Secure Connect remote client configuration parameters.

compliance

Configure the compliance rules for the Juniper Secure Connect client’s connection request

default-profile

Configure default profile. On your security device, you must specify one of the remote-access profiles as the default profile.

Note:

Starting in Junos OS Release 23.1R1, we’ve hidden the default-profile option at the [edit security remote-access] hierarchy level. In releases before Junos OS Release 23.1R1, you use this option to specify one of the remote-access profiles as the default profile in Juniper Secure Connect. But with changes to the format of remote-access profile names, we no longer require the default-profile option.

We’ve deprecated default-profile option—rather than immediately removing it—to provide backward compatibility and a chance to make your existing configuration conform to the changed configuration. You’ll receive a warning message if you continue to use the default-profile option in your configuration. However existing deployments are not affected if you modify the current configuration. See default-profile (Juniper Secure Connect).

global-options

Define global parameters for Juniper Secure Connect remote access configuration.

profile

Configure remote user connection profiles for the Juniper Secure Connect clients.

traceoptions

Configure remote access tracing operations for Juniper Secure Connect.

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

security

Release Information

Statement introduced in Junos OS Release 20.3R1.

Support for prelogon compliance rule is added in Junos OS Release 23.1R1.

Support for application bypass is added in Junos OS Release 23.1R1.

Usage of default-profile options is not allowed starting Junos OS Release 23.1R1.

Related Documentation

arrow_backward PREVIOUS remote
NEXT arrow_forward remote-address
external-footer-nav