Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Announcement: Try the Ask AI chatbot for answers to your technical questions about Juniper products and solutions.

close

external-header-nav

J-Web User Guide for SRX Series Firewalls

keyboard_arrow_up

close

keyboard_arrow_left

Table of Contents Expand all

play_arrow Juniper Web Device Manager
- play_arrow Getting Started
play_arrow Add SRX Series Firewall to Security Director Cloud
- Add an SRX Series Firewall to Juniper Security Director Cloud
play_arrow Dashboard
- play_arrow J-Web Dashboard
  - Dashboard Overview
play_arrow Monitor
- play_arrow Network
- play_arrow Logs
- play_arrow Maps and Charts
- play_arrow Statistics
- play_arrow Reports
  - About Reports Page
play_arrow Device Administration
- play_arrow Basic Settings
  - Configure Basic Settings
- play_arrow Cluster Management
- play_arrow User & Roles
- play_arrow Multi Tenancy—Resource Profiles
- play_arrow Multi Tenancy—Interconnect Ports
- play_arrow Multi Tenancy—Logical Systems
- play_arrow Multi Tenancy—Tenants
- play_arrow Certificates Management—Certificates
- play_arrow Certificate Management—Certificate Authority Group
- play_arrow License Management
  - Manage Your Licenses
- play_arrow Security Package Management
- play_arrow ATP Management
  - Enroll Your Device with Juniper ATP Cloud
  - About the Diagnostics Page
- play_arrow Operations
- play_arrow Software Management
  - Upload Software Packages
  - Rollback Software Package Version
- play_arrow Configuration Management
- play_arrow Alarm Management
  - Monitor Chassis Alarm
  - Monitor System Alarm
- play_arrow RPM
  - Setup RPM
  - View RPM
- play_arrow Tools
- play_arrow Reset Configuration
  - Reset Configuration and Rerun Setup Wizard
play_arrow Network
- play_arrow Connectivity—Interfaces
  - About the Interfaces Page
  - Add a Logical Interface
  - Edit an Interface
  - Delete a Logical Interface
- play_arrow Connectivity—VLAN
  - About the VLAN Page
  - Add a VLAN
  - Edit a VLAN
  - Delete a VLAN
  - Assign an Interface to VLAN
- play_arrow Connectivity—Link Aggregation
  - About the Link Aggregation Page
  - Link Aggregation Global Settings
  - Add a Logical Interface to Link Aggregation
  - Add a Link Aggregation
  - Edit an Aggregated Interface
  - Delete Link Aggregation
  - Search for Text in the Link Aggregation Table
- play_arrow Connectivity—Wireless LAN
  - About the Settings Page
  - Create an Access Point
  - Edit an Access Point
  - Delete an Access Point
  - Create an Access Point Radio Setting
  - Edit an Access Point Radio Setting
  - Delete an Access Point Radio Settings
- play_arrow DHCP Client
  - About the DHCP Client Page
  - Add DHCP Client Information
  - Delete DHCP Client Information
- play_arrow DHCP Server
  - About the DHCP Server Page
  - Add a DHCP Pool
  - Edit a DHCP Pool
  - Delete a DHCP Pool
  - DHCP Groups Global Settings
  - Add a DHCP Group
  - Edit a DHCP Group
  - Delete a DHCP Group
- play_arrow Firewall Filters—IPv4
  - About the IPv4 Page
  - Add IPv4 Firewall Filters
- play_arrow Firewall Filters—IPv6
  - About the IPv6 Page
  - Add IPv6 Firewall Filters
- play_arrow Firewall Filters—Assign to Interfaces
  - About the Assign to Interfaces Page
- play_arrow NAT Policies
  - About the NAT Policies Page
  - Create a Source NAT
  - Edit a Source NAT
  - Delete a Source NAT
- play_arrow NAT Pools
  - About the NAT Pools Page
  - Global Options
  - Create a Source NAT Pool
  - Edit a Source NAT Pool
  - Delete a Source NAT Pool
  - Add a Destination NAT Pool
  - Edit a Destination NAT Pool
  - Delete a Destination NAT Pool
- play_arrow Destination NAT
  - About the Destination Page
  - Add a Destination Rule Set
  - Edit a Destination Rule Set
  - Delete a Destination Rule Set
- play_arrow Static NAT
  - About the Static Page
  - Add a Static Rule Set
  - Edit a Static Rule Set
  - Delete a Static Rule Set
- play_arrow NAT Proxy ARP/ND
  - About the Proxy ARP/ND Page
  - Add a Proxy ARP
  - Edit a Proxy ARP
  - Delete a Proxy ARP
  - Add a Proxy ND
  - Edit a Proxy ND
  - Delete a Proxy ND
- play_arrow Static Routing
  - About the Static Routing Page
  - Add a Static Route
  - Edit a Static Route
  - Delete a Static Route
- play_arrow RIP Routing
  - About the RIP Page
  - Add a RIP Instance
  - Edit a RIP Instance
  - Delete a RIP Instance
  - Edit RIP Global Settings
  - Delete RIP Global Settings
- play_arrow OSPF Routing
  - About the OSPF Page
  - Add an OSPF
  - Edit an OSPF
  - Delete an OSPF
- play_arrow BGP Routing
  - About the BGP Page
  - Add a BGP Group
  - Edit a BGP Group
  - Delete a BGP Group
  - Edit Global Information
- play_arrow Routing Instances
  - About the Routing Instances Page
  - Add a Routing Instance
  - Edit a Routing Instance
  - Delete a Routing Instance
- play_arrow Routing—Policies
  - About the Policies Page
  - Global Options
  - Add a Policy
  - Clone a Policy
  - Edit a Policy
  - Delete a Policy
  - Test a Policy
- play_arrow Routing—Forwarding Mode
  - About the Forwarding Mode Page
- play_arrow CoS—Value Aliases
  - About the Value Aliases Page
  - Add a Code Point Alias
  - Edit a Code Point Alias
  - Delete a Code Point Alias
- play_arrow CoS—Forwarding Classes
  - About the Forwarding Classes Page
  - Add a Forwarding Class
  - Edit a Forwarding Class
  - Delete a Forwarding Class
- play_arrow CoS Classifiers
  - About the Classifiers Page
  - Add a Classifier
  - Edit a Classifier
  - Delete a Classifier
- play_arrow CoS—Rewrite Rules
  - About the Rewrite Rules Page
  - Add a Rewrite Rule
  - Edit a Rewrite Rule
  - Delete a Rewrite Rule
- play_arrow CoS—Schedulers
  - About the Schedulers Page
  - Add a Scheduler
  - Edit a Scheduler
  - Delete a Scheduler
- play_arrow CoS—Scheduler Maps
  - About the Scheduler Maps Page
  - Add a Scheduler Map
  - Edit a Scheduler Map
  - Delete a Scheduler Map
- play_arrow CoS—Drop Profile
  - About the Drop Profile Page
  - Add a Drop Profile
  - Edit a Drop Profile
  - Delete a Drop Profile
- play_arrow CoS—Virtual Channel Groups
  - About the Virtual Channel Groups Page
  - Add a Virtual Channel
  - Edit a Virtual Channel
  - Delete a Virtual Channel
- play_arrow CoS—Assign To Interface
  - About the Assign To Interface Page
  - Edit a Port
  - Add a Logical Interface
  - Edit a Logical Interface
  - Delete a Logical Interface
- play_arrow Application QoS
  - About the Application QoS Page
  - Add an Application QoS Profile
  - Edit an Application QoS Profile
  - Clone an Application QoS Profile
  - Delete an Application QoS Profile
  - Add a Rate Limiter Profile
  - Edit a Rate Limiter Profile
  - Clone a Rate Limiter Profile
  - Delete a Rate Limiter Profile
- play_arrow IPsec VPN
  - About the IPsec VPN Page
  - IPsec VPN Global Settings
  - Create a Site-to-Site VPN
  - Create a Remote Access VPN—Juniper Secure Connect
  - Create a Remote Access VPN—NCP Exclusive Client
  - Edit an IPsec VPN
  - Delete an IPsec VPN
- play_arrow Dynamic VPN
  - About the Dynamic VPN Page
  - Global Settings
  - IPsec Template
  - Add a Dynamic VPN
  - Edit a Dynamic VPN
  - Delete a Dynamic VPN
- play_arrow Compliance
  - About the Compliance Page
  - Create Pre-Logon Compliance
  - Edit Pre-Logon Compliance
  - Delete Pre-Logon Compliance
play_arrow Security Policies and Objects
- play_arrow Security Policies
- play_arrow Metadata Streaming Policy
- play_arrow Zones/Screens
- play_arrow Zone Addresses
- play_arrow Global Addresses
- play_arrow Services
- play_arrow Dynamic Applications
- play_arrow Application Tracking
  - About the Application Tracking Page
- play_arrow Schedules
- play_arrow Proxy Profiles
play_arrow Security Services
- play_arrow Content Security Default Configuration
  - About the Default Configuration Page
  - Edit a Default Configuration
  - Delete a Default Configuration
- play_arrow Content Security Antivirus Profiles
  - About the Antivirus Profiles Page
  - Add an Antivirus Profile
  - Clone an Antivirus Profile
  - Edit an Antivirus Profile
  - Delete an Antivirus Profile
  - Prevent Virus Attacks by Using J-Web Content Security Antivirus
- play_arrow Content Security Web Filtering Profiles
  - About the Web Filtering Profiles Page
  - Add a Web Filtering Profile
  - Clone a Web Filtering Profile
  - Edit a Web Filtering Profile
  - Delete a Web Filtering Profile
  - Allow or Block Websites by Using J-Web Integrated Content Security Web Filtering
- play_arrow Content Security Antispam Profiles
  - About the Antispam Profiles Page
  - Add an Antispam Profile
  - Clone an Antispam Profile
  - Edit an Antispam Profile
  - Delete an Antispam Profile
- play_arrow Content Security Content Filtering Profiles
  - About the Content Filtering Profiles Page
  - Add a Content Filtering Profile
  - Clone a Content Filtering Profile
  - Edit a Content Filtering Profile
  - Delete a Content Filtering Profile
- play_arrow Content Security Custom Objects
  - About the Custom Objects Page
  - Add a MIME Pattern List
  - Add a File Extension List
  - Add a Protocol Command List
  - Add a URL Pattern List
  - Add a URL Category List
  - Add a Custom Message List
  - Clone Custom Objects
  - Edit Custom Objects
  - Delete Custom Objects
- play_arrow Content Security Policies
  - About the Content Security Policies Page
  - Create a Content Security Policy
  - Clone a Content Security Policy
  - Edit a Content Security Policy
  - Delete a Content Security Policy
- play_arrow IPS Policies
  - About the IPS Policies Page
  - Import IPS Predefined Policies
  - Add an IPS Policy
  - Clone an IPS Policy
  - Edit an IPS Policy
  - Delete an IPS Policy
  - Add Rules to an IPS Policy
  - Edit an IPS Policy Rule
  - Delete an IPS Policy Rule
- play_arrow IPS Signatures
  - About the IPS Signatures Page
  - Import Snort Rules
  - Create a Custom IPS Signature
  - Create IPS Signature Static Groups
  - Create IPS Signature Dynamic Group
  - Clone an IPS Signature
  - Edit an IPS Signature
  - Delete an IPS Signature
- play_arrow IPS Sensor
  - About the Sensor Page
- play_arrow ALG
  - About the ALG Page
- play_arrow Metadata Streaming Profile
  - About the Metadata Streaming Profile Page
  - Configure DNS Filter
  - Create a Metadata Streaming Profile
  - Edit a Metadata Streaming Profile
  - Delete a Metadata Streaming Profile
- play_arrow ATP Anti-malware
  - About the Anti-malware Page
  - Create an Anti-malware Profile
  - Edit an Anti-malware Profile
  - Delete an Anti-malware Profile
- play_arrow ATP SecIntel Profiles
  - About the SecIntel Profiles Page
  - Configure DNS Sinkhole
  - Create a Command and Control Profile
  - Edit a Command and Control Profile
  - Delete a Command and Control Profile
  - Create a DNS Profile
  - Edit a DNS Profile
  - Delete a DNS Profile
  - Create an Infected Hosts Profile
  - Edit an Infected Hosts Profile
  - Delete an Infected Hosts Profile
- play_arrow ATP SecIntel Profile Groups
  - About the SecIntel Profile Groups Page
  - Create a SecIntel Profile Group
  - Edit a SecIntel Profile Group
  - Delete a SecIntel Profile Group
- play_arrow SSL Initiation Profiles
  - About the SSL Initiation Profile Page
  - Add an SSL Initiation Profile
  - Edit an SSL Initiation Profile
  - Delete SSL Initiation Profile
- play_arrow SSL Proxy Profiles
  - About the SSL Proxy Page
  - Add an SSL Proxy Profile
  - Clone an SSL Proxy Profile
  - Edit an SSL Proxy Profile
  - Delete a SSL Proxy Profile
- play_arrow Firewall Authentication—Access Profile
  - About the Access Profile Page
  - Add an Access Profile
  - Edit an Access Profile
  - Delete an Access Profile
- play_arrow Firewall Authentication—Address Pools
  - About the Address Pools Page
  - Add an Address Pool
  - Edit an Address Pool
  - Delete Address Pool
  - Search for Text in an Address Pools Table
- play_arrow Firewall Authentication Settings
  - About the Authentication Settings Page
- play_arrow Firewall Authentication—UAC Settings
  - About the UAC Settings Page
- play_arrow Firewall Authentication—Active Directory
  - About the Active Directory Page
- play_arrow Firewall Authentication—Local Authentication
  - About the Local Authentication Page
  - Add a Local Authentication Entry
  - Delete a Local Authentication Entry
- play_arrow Firewall Authentication—Authentication Priority
  - About the Authentication Priority Page
- play_arrow Firewall Authentication—JIMS
  - About the Juniper Identity Management Service Page
  - Add a Juniper Identity Management Service Profile
  - Edit a Juniper Identity Management Service Profile
  - Delete a Juniper Identity Management Service Profile
- play_arrow ICAP Redirect
  - About the ICAP Redirect Profile Page
  - Add an ICAP Redirect Profile
  - Edit an ICAP Redirect Profile
  - Delete ICAP Redirect Profile

list Table of Contents

English

keyboard_arrow_right

Add an SSL Initiation Profile

date_range 06-May-22

arrow_backward

arrow_forward

You are here: Security Services > SSL Profiles > SSL Initiation.

To add an SSL initiation profile:

Click + on the upper-right corner of the SSL Initiation Profile page.
The Create SSL Initiation Profile page appears.
Complete the configuration according to the guidelines provided in Table 1.
Click OK to save the changes. If you want to discard your changes, click Cancel.

Table 1: Fields on the Create SSL Initiation Profile Page
Field	Action
General Information
Name	Enter a unique name of the SSL initiation profile. The string must consist of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed; maximum length is 63 characters.
Flow Tracing	Select this option to enable flow trace for troubleshooting policy-related issues for this profile.
Protocol Version	Specifies the accepted protocol SSL version. Select the protocol from the list: None, All, TSLv1, TSLv1.1, or TSLv1.2.
Preferred Cipher	Specify the cipher depending on their key strength. Select a preferred cipher from the list: Custom—Configure custom cipher suite and order of preference. Medium—Use ciphers with key strength of 128 bits or greater. Strong—Use ciphers with key strength of 168 bits or greater. Weak—Use ciphers with key strength of 40 bits or greater.
Custom Ciphers	Select one or more Ciphers from the list. Click Clear All to clear the selected ciphers from the list.
Session Cache	Select this option to enable SSL session cache.
Certificate
Trusted CA	Select the trusted certificate authority profile from the list. Specify the set of ciphers the SSH server can use to perform encryption and decryption functions. If this option is not configured, the server accepts any supported suite that is available.
Client Certificate	Specify a client certificate that is required to effectively authenticate the client. Select the appropriate client certificate from the list. None SSLRP_Automation_Cert_2 SSLFP_Automation_Cert_1 SSLRP_Automation_Cert_1 SSLFP_Automation_Cert_2 SSL2
Actions
Server Authentication Failure	Select this option to ignore server authentication completely. In this case, SSL forward proxy ignores errors encountered during the server certificate verification process (such as CA signature verification failure, self-signed certificates, and certificate expiry). We do not recommend this option for authentication, because configuring it results in websites not being authenticated at all. However, you can use this option to effectively identify the root cause for dropped SSL sessions.
CRL Validation	Enable this option to disable CRL validation.
Action	Select an action from the list if CRL info is not present: None Allow Drop
Hold Instruction Code	Select Ignore if you want to keep the instruction code on hold for this profile.

arrow_backward PREVIOUS About the SSL Initiation Profile Page

NEXT arrow_forward Edit an SSL Initiation Profile