Authentication and Access Control
-
Dynamic filter IPv6 support—Starting in Junos OS Release 23.4R1, you can install filters having destination IPv6 as a match condition. Both IPv4 and IPv6 match conditions can be specified within the same filter.
[See User Access and Authentication Administration Guide for Junos OS.]
-
Support for firewall user logoff, custom logo, and banner (SRX Series Firewalls, vSRX3.0, NFX150, NFX250, and NFX350)—Starting in Junos OS Release 23.4R1, firewall users can log off using the logoff button displayed in the captive portal after a successful login.
SRX and NFX administrators can set a custom logo for the captive portal and can configure custom login-success and login-fail banner messages in the captive portal. You can configure the
logo option under the set access firewall-authentication web-authentication hierarchy level for the custom logo. You can configure the banner option under the set access firewall-authentication web-authentication hierarchy level for banner messages. [See Configure a Custom Logo and Banner Messages, Captive Portal Authentication, firewall-authentication, web-authentication, banner, and logo.]
-
Support for client/server certificate validation using TLS protocol mutual authentication (SRX Series Firewalls, vSRX3.0, NFX150, NFX250, and NFX350)—Starting in Junos OS Release 23.4R1, a client can authenticate without a password, based on client/server certificate validation using Mutual TLS (mTLS) authentication. You can configure the
mtls-profile option at the set security firewall-authentication hierarchy level. [See Mutual TLS (mTLS) Authentication for SRX Captive Portal, Example: Configure Mutual-TLS (mTLS) Authentication, mtls-profile, mtls-profile-fallback-password, and firewall-authentication (Security).]
-
Support for destination identity in firewall policy (SRX Series Firewalls and vSRX3.0)—Starting in Junos OS Release 23.4R1, you can control network access based on destination identity in a security policy. You can match traffic based on destination identity information. You can configure the
destination-identity-context option at the set security policies from-zone zone-name to-zone zone-name match hierarchy level. You can configure the
identity-context-profile profile-name option at the set user-identification device-information hierarchy level. You can configure the destination-identity-context-profile option at the set security policies from-zone zone-name to-zone zone-name match hierarchy level. [See user-identification (Services), match (Security Policies), identity-context-profile, destination-identity-context, and destination-identity-context-profile.]