Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Announcement: Try the Ask AI chatbot for answers to your technical questions about Juniper products and solutions.

close

external-header-nav

J-Web User Guide for SRX Series Firewalls

keyboard_arrow_up

close

keyboard_arrow_left

Table of Contents Expand all

play_arrow Juniper Web Device Manager
- play_arrow Getting Started
play_arrow Dashboard
- play_arrow J-Web Dashboard
  - Dashboard Overview
play_arrow Monitor
- play_arrow Interfaces
  - Monitor Interfaces
- play_arrow Logs
- play_arrow Maps and Charts
- play_arrow Statistics
- play_arrow Reports
  - About Reports Page
play_arrow Device Administration
- play_arrow Basic Settings
  - Configure Basic Settings
- play_arrow Cluster Management
- play_arrow User Management
- play_arrow Multi Tenancy—Resource Profiles
- play_arrow Multi Tenancy—Interconnect Ports
- play_arrow Multi Tenancy—Logical Systems
- play_arrow Multi Tenancy—Tenants
- play_arrow Certificate Management—Device Certificates
- play_arrow Certificate Management—Trusted Certificate Authority
- play_arrow Certificate Management—Certificate Authority Group
- play_arrow License Management
  - Manage Your Licenses
- play_arrow ATP Management
  - Enroll Your Device with Juniper ATP Cloud
  - About the Diagnostics Page
- play_arrow Operations
- play_arrow Software Management
- play_arrow Configuration Management
- play_arrow Alarm Management
  - Monitor Chassis Alarm
  - Monitor System Alarm
- play_arrow RPM
  - Setup RPM
  - View RPM
- play_arrow Tools
- play_arrow Reset Configuration
  - Configure Setup Wizard
play_arrow Network
- play_arrow Connectivity—Ports
  - About the Ports Page
  - Add a Logical Interface
  - Edit an Interface
  - Delete an Interface
- play_arrow Connectivity—VLAN
  - About the VLAN Page
  - Add a VLAN
  - Edit a VLAN
  - Delete VLAN
  - Assign an Interface to VLAN
- play_arrow Connectivity—Link Aggregation
  - About the Link Aggregation Page
  - Link Aggregation Global Settings
  - Add a Logical Interface to Link Aggregation
  - Add a Link Aggregation
  - Edit an Aggregated Interface
  - Delete Link Aggregation
  - Search for Text in the Link Aggregation Table
- play_arrow Connectivity—PPPoE
  - Configure PPPoE
- play_arrow Connectivity—Wireless LAN
  - About the Settings Page
  - Create an Access Point
  - Edit an Access Point
  - Delete Access Point
  - Create an Access Point Radio Setting
  - Edit an Access Point Radio Setting
  - Delete Access Point Radio Settings
- play_arrow DHCP Client
  - About the DHCP Client Page
  - Add DHCP Client Information
  - Delete DHCP Client Information
- play_arrow DHCP Server
  - About the DHCP Server Page
  - Add a DHCP Pool
  - Edit a DHCP Pool
  - Delete DHCP Pool
  - DHCP Groups Global Settings
  - Add a DHCP Group
  - Edit a DHCP Group
  - Delete DHCP Group
- play_arrow Firewall Filters—IPv4
  - About the IPv4 Page
  - Add IPv4 Firewall Filters
- play_arrow Firewall Filters—IPv6
  - About the IPv6 Page
  - Add IPv6 Firewall Filters
- play_arrow Firewall Filters—Assign to Interfaces
  - About the Assign to Interfaces Page
- play_arrow NAT Policies
  - About the NAT Policies Page
  - Create a Source NAT
  - Edit a Source NAT
  - Delete Source NAT
- play_arrow NAT Pools
  - About the NAT Pools Page
  - Global Options
  - Create a Source NAT Pool
  - Edit a Source NAT Pool
  - Delete Source NAT Pool
  - Add a Destination NAT Pool
  - Edit a Destination NAT Pool
  - Delete Destination NAT Pool
- play_arrow Destination NAT
  - About the Destination Page
  - Add a Destination Rule Set
  - Edit a Destination Rule Set
  - Delete Destination Rule Set
- play_arrow Static NAT
  - About the Static Page
  - Add a Static Rule Set
  - Edit a Static Rule Set
  - Delete Static Rule Set
- play_arrow NAT Proxy ARP/ND
  - About the Proxy ARP/ND Page
  - Add a Proxy ARP
  - Edit a Proxy ARP
  - Delete a Proxy ARP
  - Add a Proxy ND
  - Edit a Proxy ND
  - Delete Proxy ND
- play_arrow Static Routing
  - About the Static Routing Page
  - Add a Static Route
  - Edit a Static Route
  - Delete Static Route
- play_arrow RIP Routing
  - About the RIP Page
  - Add a RIP Instance
  - Edit a RIP Instance
  - Delete RIP Instance
  - Edit RIP Global Settings
  - Delete RIP Global Settings
- play_arrow OSPF Routing
  - About the OSPF Page
  - Add an OSPF
  - Edit an OSPF
  - Delete OSPF
- play_arrow BGP Routing
  - About the BGP Page
  - Add a BGP Group
  - Edit a BGP Group
  - Delete a BGP Group
  - Edit Global Information
- play_arrow Routing Instances
  - About the Routing Instances Page
  - Add a Routing Instance
  - Edit a Routing Instance
  - Delete Routing Instance
- play_arrow Routing—Policies
  - About the Policies Page
  - Global Options
  - Add a Policy
  - Clone a Policy
  - Edit a Policy
  - Delete Policy
  - Test a Policy
- play_arrow Routing—Forwarding Mode
  - About the Forwarding Mode Page
- play_arrow CoS—Value Aliases
  - About the Value Aliases Page
  - Add a Code Point Alias
  - Edit a Code Point Alias
  - Delete Code Point Alias
- play_arrow CoS—Forwarding Classes
  - About the Forwarding Classes Page
  - Add a Forwarding Class
  - Edit a Forwarding Class
  - Delete Forwarding Class
- play_arrow CoS Classifiers
  - About the Classifiers Page
  - Add a Classifier
  - Edit a Classifier
  - Delete Classifier
- play_arrow CoS—Rewrite Rules
  - About the Rewrite Rules Page
  - Add a Rewrite Rule
  - Edit a Rewrite Rule
  - Delete Rewrite Rule
- play_arrow CoS—Schedulers
  - About the Schedulers Page
  - Add a Scheduler
  - Edit a Scheduler
  - Delete Scheduler
- play_arrow CoS—Scheduler Maps
  - About the Scheduler Maps Page
  - Add a Scheduler Map
  - Edit a Scheduler Map
  - Delete Scheduler Map
- play_arrow CoS—Drop Profile
  - About the Drop Profile Page
  - Add a Drop Profile
  - Edit a Drop Profile
  - Delete Drop Profile
- play_arrow CoS—Virtual Channel Groups
  - About the Virtual Channel Groups Page
  - Add a Virtual Channel
  - Edit a Virtual Channel
  - Delete Virtual Channel
- play_arrow CoS—Assign To Interface
  - About the Assign To Interface Page
  - Edit a Port
  - Add a Logical Interface
  - Edit a Logical Interface
  - Delete Logical Interface
- play_arrow Application QoS
  - About the Application QoS Page
  - Add an Application QoS Profile
  - Edit an Application QoS Profile
  - Clone an Application QoS Profile
  - Delete Application QoS Profile
  - Add a Rate Limiter Profile
  - Edit a Rate Limiter Profile
  - Clone a Rate Limiter Profile
  - Delete Rate Limiter Profile
play_arrow Security Policies and Objects
- play_arrow Security Policies
- play_arrow Zones/Screens
- play_arrow Zone Addresses
- play_arrow Global Addresses
- play_arrow Services
- play_arrow Dynamic Applications
- play_arrow Application Tracking
  - About the Application Tracking Page
- play_arrow Schedules
- play_arrow Proxy Profiles
play_arrow Security Services
- play_arrow UTM Default Configuration
  - About the Default Configuration Page
  - Edit a Default Configuration
  - Delete Default Configuration
- play_arrow UTM Antivirus Profiles
  - About the Antivirus Profiles Page
  - Add an Antivirus Profile
  - Clone an Antivirus Profile
  - Edit an Antivirus Profile
  - Delete Antivirus Profile
  - Prevent Virus Attacks by Using J-Web UTM Antivirus
- play_arrow UTM Web Filtering Profiles
  - About the Web Filtering Profiles Page
  - Add a Web Filtering Profile
  - Clone a Web Filtering Profile
  - Edit a Web Filtering Profile
  - Delete Web Filtering Profile
  - Allow or Block Websites by Using J-Web Integrated UTM Web Filtering
- play_arrow UTM Web Filtering Category Update
  - About the Category Update Page
  - Category Update Settings
  - Download and Install Settings
- play_arrow UTM Antispam Profiles
  - About the Antispam Profiles Page
  - Add an Antispam Profile
  - Clone an Antispam Profile
  - Edit an Antispam Profile
  - Delete Antispam Profile
- play_arrow UTM Content Filtering Profiles
  - About the Content Filtering Profiles Page
  - Add a Content Filtering Profile
  - Clone a Content Filtering Profile
  - Edit a Content Filtering Profile
  - Delete Content Filtering Profile
- play_arrow UTM Custom Objects
  - About the Custom Objects Page
  - Add a MIME Pattern List
  - Add a File Extension List
  - Add a Protocol Command List
  - Add a URL Pattern List
  - Add a URL Category List
  - Add a Custom Message List
  - Clone Custom Objects
  - Edit Custom Objects
  - Delete Custom Objects
- play_arrow UTM Policies
  - About the UTM Policies Page
  - Add a UTM Policy
  - Clone a UTM Policy
  - Edit a UTM Policy
  - Delete UTM Policy
- play_arrow IPS Signature Update
  - About the Signature Update Page
  - Download an IPS Signature
  - Install an IPS Signature
  - Check Status of the IPS Signature
  - IPS Signature Download Setting
- play_arrow IPS Sensor
  - About the Sensor Page
- play_arrow IPS Policy
  - About the Policy Page
  - IDP Policy Template
  - Check Status of the IDP Policy
  - Add an IDP Policy
  - Clone an IDP Policy
  - Edit an IDP Policy
  - Delete IDP Policy
- play_arrow ALG
  - About the ALG Page
- play_arrow Advanced Threat Prevention
  - About the Advanced Threat Prevention Page
  - Add a Threat Prevention Policy
  - Edit a Threat Prevention Policy
  - Delete Threat Prevention Policy
- play_arrow SSL Initiation Profiles
  - About the SSL Initiation Profile Page
  - Add an SSL Initiation Profile
  - Edit an SSL Initiation Profile
  - Delete SSL Initiation Profile
- play_arrow SSL Proxy Profiles
  - About the SSL Proxy Page
  - Add an SSL Proxy Profile
  - Clone an SSL Proxy Profile
  - Edit an SSL Proxy Profile
  - Delete SSL Proxy Profile
- play_arrow Firewall Authentication—Access Profile
  - About the Access Profile Page
  - Add an Access Profile
  - Edit an Access Profile
  - Delete an Access Profile
- play_arrow Firewall Authentication—Address Pools
  - About the Address Pools Page
  - Add an Address Pool
  - Edit an Address Pool
  - Delete Address Pool
  - Search for Text in an Address Pools Table
- play_arrow Firewall Authentication Settings
  - About the Authentication Settings Page
- play_arrow Firewall Authentication—UAC Settings
  - About the UAC Settings Page
- play_arrow Firewall Authentication—Active Directory
  - About the Active Directory Page
- play_arrow Firewall Authentication—Local Authentication
  - About the Local Authentication Page
  - Add a Local Auth Entry
  - Delete a Local Auth Entry
- play_arrow Firewall Authentication—Authentication Priority
  - About the Authentication Priority Page
- play_arrow Firewall Authentication—Identity Management
  - About the Identity Management Page
  - Add an Identity Management Profile
  - Edit an Identity Management Profile
  - Delete Identity Management Profile
- play_arrow ICAP Redirect
  - About the ICAP Redirect Profile Page
  - Add an ICAP Redirect Profile
  - Edit an ICAP Redirect Profile
  - Delete ICAP Redirect Profile
play_arrow VPN
- play_arrow IPsec VPN
- play_arrow Manual Key VPN
- play_arrow Dynamic VPN

list Table of Contents

English

keyboard_arrow_right

IPsec VPN Global Settings

date_range 14-Sep-23

arrow_backward

arrow_forward

You are here: VPN > IPsec VPN.

Use this page to view or add the VPN global configuration details. Click Global settings on the IPsec VPN page.

Field Descriptions

Table 1 describes the fields on the Global Settings page.

Table 1: Fields on the Global Settings Page
Field	Description
General
IKE - Respond to bad-spi	Enable this option if you want the device to respond to IPsec packets with invalid IPsec Security Parameter Index (SPI) values.
Max Responses	Enter a value from 1 through 30 to respond to invalid SPI values per gateway. The default is 5. This option is available when Response Bad SPI is selected.
IPsec VPN Monitor Options	Enable this option if you want the device to monitor VPN liveliness.
Interval (seconds)	Enter a value from 2 through 3600 seconds after which Internet Control Message Protocol (ICMP) requests are sent to the peer.
Threshold	Enter a value from 1 through 65,536 to specify the number of consecutive unsuccessful pings before the peer is declared unreachable.
Remote Access VPN
Default Profile Name	Select a default profile name from the list. Note: This option is available when at least one Juniper Secure Connect VPN is created.
SSL VPN Tunnel tracking	Enable this option to track Encapsulated Security Payload (ESP) tunnels.
SSL VPN Profiles	Lists the SSL VPN profiles. Note: This option displays associated IPsec VPNs when at least one Juniper Secure Connect VPN is created. To add a new SSL VPN profile: Click +. The Add SSL VPN Profile page appears. Enter the following details: Name—Enter the name for an SSL VPN profile. Logging—Enable this option to log for SSL VPN. SSL Termination Profile—Select an SSL termination profile from the list. To add a new SSL termination profile: Click Add. The Create SSL Termination Profile page appears. Enter the following details: Name—Enter a name for the SSL termination profile. Server Certificate—Select a server certificate from the list. To add a certificate, click Add. For more information on adding a device certificate, see Add a Device Certificate. To import a certificate, click Import. For more information on importing a device certificate, see Import a Device Certificate. Click OK. Click OK. Click OK. To edit an SSL termination profile, select the profile you want to edit and click on the pencil icon. To delete an SSL termination profile, select the profile you want to delete and click on the delete icon.
Internal SA
Internal SA Keys	Enter the encryption key. You must ensure that the manual encryption key is in ASCII text and 24 characters long; otherwise, the configuration will result in a commit failure. Note: This option is available only for SRX5000 line of devices, SRX4100, SRX4200, SRX4600 devices, and vSRX.

arrow_backward PREVIOUS About the IPsec VPN Page

NEXT arrow_forward Create a Site-to-Site VPN

external-footer-nav