Juniper Secure Connect Administrator Guide

Published 2020-11-10

Juniper Networks, Inc.


1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net

Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in
the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks
are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right
to change, modify, transfer, or otherwise revise this publication without notice.

Juniper Secure Connect Administrator Guide


Copyright © 2020 Juniper Networks, Inc. All rights reserved.

The information in this document is current as of the date on the title page.

YEAR 2000 NOTICE

Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related
limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

END USER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with)
Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement
(“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you
agree to the terms and conditions of that EULA.

Table of Contents
About the Documentation | v

Documentation and Release Notes | v

Documentation Conventions | v

Documentation Feedback | viii

Requesting Technical Support | viii

Self-Help Online Tools and Resources | ix

Creating a Service Request with JTAC | ix

1 Juniper Secure Connect Overview


Overview | 11

What Is Juniper Secure Connect? | 11

Feature Support Comparison Between Juniper Secure Connect and Dynamic VPN | 12

Deployment Scenario for Juniper Secure Connect | 14

2 Get Started with Juniper Secure Connect


System Requirements | 16

License Requirements | 16

Migrating from Junos OS Dynamic VPN to Juniper Secure Connect | 17

Licensing Requirements | 17

Before You Start | 18

Getting Started with J-Web Wizards | 18

Preparing Juniper Secure Connect Configuration | 19

Prerequisites for Deploying Juniper Secure Connect | 19

How Juniper Secure Connect Works? | 23

Authentication Methods | 29

Get Yourself Familiar with Juniper Secure Connect Wizard on J-Web | 31



3 Configure Juniper Secure Connect


Local User Authentication Using Pre-shared Key | 35

Configure Juniper Secure Connect VPN Settings | 36

External User Authentication Using RADIUS | 49

Configure Juniper Secure Connect VPN Settings | 50

Certificate-Based Validation Using EAP-MSCHAPv2 Authentication | 64

Configure Juniper Secure Connect VPN Settings | 65

Certificate-Based Validation Using EAP-TLS Authentication | 81

Configure Juniper Secure Connect VPN Settings | 82

4 Monitor Juniper Secure Connect


Monitor Juniper Secure Connect | 100

Check Junos OS Logs | 100

Check Juniper Secure Connect Application Logs | 102

Windows | 102

macOS | 108

Android | 111

About the Documentation

IN THIS SECTION

Documentation and Release Notes | v

Documentation Conventions | v

Documentation Feedback | viii

Requesting Technical Support | viii

Read this guide to learn how you, as a system administrator, can configure a remote-access VPN for Juniper
Secure Connect on SRX Series devices. You can also refer to this guide if you are planning to migrate from
Dynamic VPN to Juniper Secure Connect.

Documentation and Release Notes

To obtain the most current version of all Juniper Networks® technical documentation, see the product
documentation page on the Juniper Networks website at https://www.juniper.net/documentation/.

If the information in the latest release notes differs from the information in the documentation, follow the
product Release Notes.

Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts.
These books go beyond the technical documentation to explore the nuances of network architecture,
deployment, and administration. The current list can be viewed at https://www.juniper.net/books.

Documentation Conventions

Table 1 on page vi defines notice icons used in this guide.



Table 1: Notice Icons

Meaning: Description

Informational note: Indicates important features or instructions.

Caution: Indicates a situation that might result in loss of data or hardware damage.

Warning: Alerts you to the risk of personal injury or death.

Laser warning: Alerts you to the risk of personal injury from a laser.

Tip: Indicates helpful information.

Best practice: Alerts you to a recommended use or implementation.

Table 2 on page vi defines the text and syntax conventions used in this guide.

Table 2: Text and Syntax Conventions

Bold text like this
  Description: Represents text that you type.
  Example: To enter configuration mode, type the configure command:
    user@host> configure

Fixed-width text like this
  Description: Represents output that appears on the terminal screen.
  Example:
    user@host> show chassis alarms
    No alarms currently active

Italic text like this
  Description:
  • Introduces or emphasizes important new terms.
  • Identifies guide names.
  • Identifies RFC and Internet draft titles.
  Examples:
  • A policy term is a named structure that defines match conditions and actions.
  • Junos OS CLI User Guide
  • RFC 1997, BGP Communities Attribute

Italic text like this
  Description: Represents variables (options for which you substitute a value) in commands or
  configuration statements.
  Example: Configure the machine's domain name:
    [edit]
    root@# set system domain-name domain-name

Text like this
  Description: Represents names of configuration statements, commands, files, and directories;
  configuration hierarchy levels; or labels on routing platform components.
  Examples:
  • To configure a stub area, include the stub statement at the [edit protocols ospf area area-id]
    hierarchy level.
  • The console port is labeled CONSOLE.

< > (angle brackets)
  Description: Encloses optional keywords or variables.
  Example: stub <default-metric metric>;

| (pipe symbol)
  Description: Indicates a choice between the mutually exclusive keywords or variables on either side
  of the symbol. The set of choices is often enclosed in parentheses for clarity.
  Examples:
    broadcast | multicast
    (string1 | string2 | string3)

# (pound sign)
  Description: Indicates a comment specified on the same line as the configuration statement to which
  it applies.
  Example: rsvp { # Required for dynamic MPLS only

[ ] (square brackets)
  Description: Encloses a variable for which you can substitute one or more values.
  Example: community name members [ community-ids ]

Indention and braces ( { } )
  Description: Identifies a level in the configuration hierarchy.

; (semicolon)
  Description: Identifies a leaf statement at a configuration hierarchy level.

  Example for braces and semicolons:
    [edit]
    routing-options {
        static {
            route default {
                nexthop address;
                retain;
            }
        }
    }

GUI Conventions

Bold text like this
  Description: Represents graphical user interface (GUI) items you click or select.
  Examples:
  • In the Logical Interfaces box, select All Interfaces.
  • To cancel the configuration, click Cancel.

> (bold right angle bracket)
  Description: Separates levels in a hierarchy of menu selections.
  Example: In the configuration editor hierarchy, select Protocols>Ospf.

Documentation Feedback

We encourage you to provide feedback so that we can improve our documentation. You can use either
of the following methods:

• Online feedback system—Click TechLibrary Feedback, on the lower right of any page on the Juniper
Networks TechLibrary site, and do one of the following:

• Click the thumbs-up icon if the information on the page was helpful to you.

• Click the thumbs-down icon if the information on the page was not helpful to you or if you have
suggestions for improvement, and use the pop-up form to provide feedback.

• E-mail—Send your comments to [email protected]. Include the document or topic name,
URL or page number, and software version (if applicable).

Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC).
If you are a customer with an active Juniper Care or Partner Support Services support contract, or are
covered under warranty, and need post-sales technical support, you can access our tools and resources
online or open a case with JTAC.

• JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User
Guide located at https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.

• Product warranties—For product warranty information, visit https://www.juniper.net/support/warranty/.

• JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week,
365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called
the Customer Support Center (CSC) that provides you with the following features:

• Find CSC offerings: https://www.juniper.net/customers/support/

• Search for known bugs: https://prsearch.juniper.net/

• Find product documentation: https://www.juniper.net/documentation/

• Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/

• Download the latest versions of software and review release notes:
https://www.juniper.net/customers/csc/software/

• Search technical bulletins for relevant hardware and software notifications:
https://kb.juniper.net/InfoCenter/

• Join and participate in the Juniper Networks Community Forum:
https://www.juniper.net/company/communities/

• Create a service request online: https://myjuniper.juniper.net

To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool:
https://entitlementsearch.juniper.net/entitlementsearch/

Creating a Service Request with JTAC

You can create a service request with JTAC on the Web or by telephone.

• Visit https://myjuniper.juniper.net.

• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

For international or direct-dial options in countries without toll-free numbers, see
https://support.juniper.net/support/requesting-support/.
CHAPTER 1

Juniper Secure Connect Overview

Overview | 11

Overview

SUMMARY

Learn about Juniper Secure Connect, a secure remote access VPN solution, and its advantages over dynamic
VPN.

IN THIS SECTION

What Is Juniper Secure Connect? | 11

Feature Support Comparison Between Juniper Secure Connect and Dynamic VPN | 12

Deployment Scenario for Juniper Secure Connect | 14

What Is Juniper Secure Connect?

With today’s modern, distributed workforce, organizations need to keep remote users connected and
productive while ensuring business continuity and security. Organizations need to provide endpoint
protection as part of a comprehensive and connected security strategy.

Juniper Secure Connect is a client-based VPN application that lets remote users securely connect to and
access protected resources on your network. It tunnels over IPsec by default and falls back to SSL-VPN on
networks where IPsec is blocked (see Table 3 on page 13). When combined with SRX Series Services
Gateways, it helps organizations quickly achieve dynamic, flexible, and adaptable connectivity from devices
anywhere across the globe, and it extends visibility and enforcement from client to cloud over secure VPN
connections.

Juniper Secure Connect solution includes:

• SRX Series firewall—Serves as an entry and exit point for communication between users with Juniper
Secure Connect and the protected resources on the corporate network or in the cloud.

• Juniper Secure Connect application—Secures connectivity between the protected resources and the
host clients running Microsoft Windows, Apple macOS, and Google Android operating systems. The
Juniper Secure Connect application connects through a VPN tunnel to the SRX Series firewall to gain
access to the protected resources in the network.

Figure 1 on page 12 illustrates the Juniper Secure Connect remote access solution for establishing secure
VPN connectivity for remote users at different locations.

Figure 1: Juniper Secure Connect Remote Access Solution

This document is for system administrators who want to configure remote-access VPN for Juniper Secure
Connect on SRX Series devices. If you are a remote user, see Juniper Secure Connect User Guide.

Benefits of Juniper Secure Connect

• Secure remote access from anywhere with VPN

• Simple user experience

• Easy management of remote clients, policies, and VPN events from a single console (using J-Web)

Feature Support Comparison Between Juniper Secure Connect and Dynamic VPN

This topic describes the differences between Juniper Secure Connect and dynamic VPN.

Figure 2 on page 13 shows the high-level comparison between Juniper Secure Connect and dynamic VPN.

Figure 2: High-Level Feature Comparison Between Juniper Secure Connect and Dynamic VPN

Table 3 on page 13 shows the connection-feature differences between dynamic VPN and Juniper Secure
Connect on SRX Series devices:

Table 3: Differences Between Dynamic VPN and Juniper Secure Connect on SRX Series devices

Connection mode
• Dynamic VPN: IPsec mode.
• Juniper Secure Connect: IPsec is the preferred mode. Juniper Secure Connect automatically switches
  the protocol to SSL-VPN when needed to bypass restrictive networks where IPsec traffic is blocked.

VPN connectivity mode
• Dynamic VPN: Policy-based VPN, which requires each firewall policy to define the connectivity and VPN
  establishment.
• Juniper Secure Connect: Route-based VPN connectivity. Allows you to define fine-grained firewall
  policies that include other services, such as Advanced Threat Prevention (ATP) Cloud, User Firewall,
  and so on.

Deployment Scenario for Juniper Secure Connect

Figure 3 on page 14 shows the deployment scenario for Juniper Secure Connect. Ensure you adjust the
configuration values to map to your environment.

Figure 3: Deployment Scenario for Juniper Secure Connect

For traffic to flow correctly, you must do one of two things: either add a route in the protected network
for the address range you assign to clients, pointing to the SRX Series device, or source-NAT all client
traffic entering the protected networks so that servers reply to an address they already know how to reach.
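The two options above in Junos set-command form, added here as an example and not taken from the guide. The client address pool 192.168.100.0/24, the zone names VPN (where the st0.0 tunnel interface sits) and trust, the SRX inside address 10.0.0.1, and the rule-set and rule names are assumptions; substitute your own.

```junos
## Added example (not from the original guide): returning traffic to Secure Connect clients.
## Assumed values: client pool 192.168.100.0/24, tunnel zone VPN, protected zone trust,
## SRX inside address 10.0.0.1.

## Option 1: the protected network routes the client pool back to the SRX.
## This line is entered on a Junos router INSIDE the protected network, not on the SRX.
set routing-options static route 192.168.100.0/24 next-hop 10.0.0.1

## Option 2 (entered on the SRX): source-NAT client traffic to the SRX's inside interface
## address. No route change is needed in the protected network, but server-side logs then
## show the SRX address rather than the individual client, so per-user attribution on the
## servers is lost. Choose Option 1 and leave source NAT disabled if you need that attribution.
set security nat source rule-set RA-VPN from zone VPN
set security nat source rule-set RA-VPN to zone trust
set security nat source rule-set RA-VPN rule RA-SNAT match source-address 192.168.100.0/24
set security nat source rule-set RA-VPN rule RA-SNAT then source-nat interface

## Verify after a client connects: sessions from the pool should show the expected
## (translated or untranslated) source toward the protected network.
run show security flow session source-prefix 192.168.100.0/24
```

Use only one of the two options for a given client pool; configuring both leaves NAT in effect and the route unused.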

RELATED DOCUMENTATION

Migrating from Junos OS Dynamic VPN to Juniper Secure Connect | 17


Preparing Juniper Secure Connect Configuration | 19
Local User Authentication Using Pre-shared Key | 35
External User Authentication Using RADIUS | 49
Certificate-Based Validation Using EAP-MSCHAPv2 Authentication | 64
Certificate-Based Validation Using EAP-TLS Authentication | 81
CHAPTER 2

Get Started with Juniper Secure Connect

System Requirements | 16

Migrating from Junos OS Dynamic VPN to Juniper Secure Connect | 17

Preparing Juniper Secure Connect Configuration | 19



System Requirements

To work with Juniper Secure Connect, you need the following:

• SRX Series device or vSRX instance running Junos OS Release 20.3R1 or later.

• Juniper Secure Connect application software installed and running on supported operating systems. For
details on installation, see Juniper Secure Connect User Guide.

• We recommend using J-Web or Security Director to configure Juniper Secure Connect on the SRX Series
device. To add a new license key, delete one or more license keys, update license keys, or download
license keys in J-Web, see Manage Your Licenses.

To enable J-Web access on your security device, use the following commands, replacing interface-name
and zone with your own values. The keyword under security-zone is interfaces, and the host-inbound-traffic
statement must name the same interface that the web-management service listens on:

user@host# set system services web-management https interface interface-name
user@host# set security zones security-zone zone interfaces interface-name host-inbound-traffic system-services https

Juniper Secure Connect clients download their configuration from https://<srx-series-device-ip-address>/...
(see Table 7 on page 32), so HTTPS must be enabled on the interface that clients connect to and permitted
as host-inbound traffic in that interface's zone. Plain HTTP is not needed for Juniper Secure Connect and
sends administrator credentials in clear text; if you enable it at all, restrict it to an isolated
management interface:

user@host# set system services web-management http interface interface-name
user@host# set security zones security-zone zone interfaces interface-name host-inbound-traffic system-services http

License Requirements

You need an active SRX-based license to use Juniper Secure Connect. By default, each SRX Series device
includes two built-in concurrent user licenses. You must purchase and install a license for additional
concurrent users. Contact your Juniper Networks representative for remote-access licensing. To understand
more about Juniper Secure Connect licenses, see Licenses for Juniper Secure Connect and Managing
Licenses.

RELATED DOCUMENTATION

Overview | 11
Migrating from Junos OS Dynamic VPN to Juniper Secure Connect | 17
Preparing Juniper Secure Connect Configuration | 19

Migrating from Junos OS Dynamic VPN to Juniper Secure Connect

SUMMARY

This topic is intended for the users who have existing dynamic VPN deployments and are planning
to migrate to Juniper Secure Connect. If you are a new user for Juniper Secure Connect, you can
skip this topic.

Before You Begin:

• Learn about feature comparison. See “Feature Support Comparison Between Juniper Secure Connect
and Dynamic VPN” on page 12

• Learn about feature enhancement. See “Benefits of Juniper Secure Connect” on page 11

BEST PRACTICE: We recommend that you back up the current working configuration before you start, in
case you need to roll back later and the rollback history has already rolled over.

For more information, see Rescue and Recovery of Configuration File.

Licensing Requirements

As a first step, ensure that you have installed the license for Juniper Secure Connect if you need more
than two concurrent users.

See Licenses for Juniper Secure Connect.

Before You Start

Complete the following tasks related to Dynamic VPN:

• Update the firewall policies used for Dynamic VPN:

• Note the from-zone of the current Dynamic VPN policies. That from-zone becomes the source zone
used in the Juniper Secure Connect VPN wizard.

• Remove the firewall policies that refer to Dynamic VPN. Do this before deleting the VPN objects,
because a commit fails while a policy still references an IPsec VPN that no longer exists.

• Delete the IKE and IPsec configuration created for Dynamic VPN under the [edit security
dynamic-vpn], [edit security ike], and [edit security ipsec] hierarchies.

Getting Started with J-Web Wizards

We recommend that you use the J-Web wizard for Juniper Secure Connect configuration.

We also recommend that you start with a new deployment of Juniper Secure Connect rather than migrating
the current settings, because a migration is likely to overlook one or more values. Use the following
guidance for a fresh setup of Juniper Secure Connect.

• Check whether you have any split-tunneling rules. These rules specify the remote protected resources
behind the SRX Series device that the client reaches over the VPN tunnel. You can find your rules under
the [edit security dynamic-vpn clients configuration-name remote-protected-resources] hierarchy level.
The same split-tunnel definitions are entered in the Secure Connect VPN wizard as protected networks.

• Start a new deployment in the J-Web deployment wizard. We recommend enabling the Auto-create
Firewall Policy option so that the wizard creates the firewall policy for you.

• You can reuse the existing access profiles and address-assignment pool in this workflow.

• If your network already has a route pointing to the SRX Series device for the address range in the
address-assignment pool (or for the range that RADIUS assigns), you can disable source NAT.

• Now you are ready to start configuring Juniper Secure Connect.
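The inventory and clean-up steps from "Before You Start" and the split-tunnel check above, as CLI commands entered in configuration mode. This is an added example, not configuration from the guide; the object names DVPN-CLIENTS, DVPN-VPN, DVPN-GW and DVPN-POLICY and the zone pair untrust/trust are assumptions that you replace with the names shown by your own show output.

```junos
## Added example (not from the original guide): Dynamic VPN clean-up before a fresh
## Secure Connect deployment. Object names below are assumptions; read yours first.

## 1. Save a rescue configuration so you can recover even if the rollback history has rolled over.
run request system configuration rescue save

## 2. Record the split-tunnel definitions; they become the wizard's protected networks.
show security dynamic-vpn clients DVPN-CLIENTS remote-protected-resources

## 3. Find the policies that tunnel traffic into the Dynamic VPN and note their from-zone,
##    which becomes the wizard's source zone.
show security policies | display set | match "ipsec-vpn DVPN-VPN"

## 4. Delete in dependency order: policies that reference the VPN, then the Dynamic VPN
##    hierarchy, then the IPsec VPN, then the IKE gateway it referenced. Reversing the order
##    leaves dangling references and the commit fails.
delete security policies from-zone untrust to-zone trust policy DVPN-POLICY
delete security dynamic-vpn
delete security ipsec vpn DVPN-VPN
delete security ike gateway DVPN-GW

## 5. Keep the access profile and address pool; the Secure Connect wizard can reuse them.
show access profile
show access address-assignment pool

## 6. Validate the candidate configuration before committing.
commit check
```

Run the two show commands in step 5 before and after the deletions to confirm that removing the Dynamic VPN objects did not take the access profile or pool with them.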

RELATED DOCUMENTATION

Preparing Juniper Secure Connect Configuration | 19


System Requirements | 16

Preparing Juniper Secure Connect Configuration

IN THIS SECTION

Prerequisites for Deploying Juniper Secure Connect | 19

How Juniper Secure Connect Works? | 23

Authentication Methods | 29

Get Yourself Familiar with Juniper Secure Connect Wizard on J-Web | 31

This topic includes the following sections:

Prerequisites for Deploying Juniper Secure Connect

Before you deploy Juniper Secure Connect, you must ensure that the SRX Series device uses either a
CA-signed certificate or a self-signed certificate instead of the default system-generated certificate.
The Juniper Secure Connect application does not connect to a gateway that presents the system-generated
certificate.

You can generate a certificate request or a self-signed certificate by navigating to Device Administration
> Certificate Management > Device Certificates in the J-Web interface, as shown in Figure 4 on page 20.

Figure 4 shows the minimum set of values that you should configure. Ensure that these values match your
own organization, and that the subject name and subject alternative name match the hostname or IP address
that clients will use to reach the gateway. If you initiate a Certificate Signing Request (CSR), the
certificate must be signed by your CA before it is loaded on the SRX Series device.

Figure 4: Generate a Certificate Request or a Self-signed Certificate

After creating a self-signed certificate or loading a signed certificate, bind it to the HTTPS service on
the SRX Series device by navigating to Basic Settings > Management Access Configuration > Services > HTTPS
> HTTPS certificate and selecting the certificate name.

When the certificate has been bound, you can validate it by viewing the certificate information in your
browser's address bar. The steps for viewing certificate information depend on your browser and browser
version. Figure 5 on page 21 shows the certificate information that you configured on the SRX Series
device.

Figure 5: View Certificate Information

Figure 6 on page 22 shows all the details of the certificate that is configured in the SRX Series device.

Figure 6: Detailed Certificate Information

Check the following in the certificate information shown by the browser:

• The Subject Alternative Name matches the certificate you generated and the name or address that
clients use to reach the gateway.

• The thumbprint (fingerprint) is also important if you are not exporting the CA certificate from the
SRX Series device to all clients. In that case the Juniper Secure Connect application displays the
fingerprint in a warning message, and users must compare it with the value you publish before accepting
the gateway. A user who accepts without comparing defeats the check, because anyone on the path can
present a different certificate.

We recommend that you export the self-signed certificate from the SRX Series device in .pem format, or
the root certificate of the CA that signed your CSR, to each client. You can do this manually or distribute
it using a client rollout package for Windows and macOS. See Create Installation Packages for Juniper
Secure Connect Rollout on Windows and Create Rollout Packages for Juniper Secure Connect Installation on
macOS.

Table 4 on page 23 lists the Juniper Secure Connect application directory in which to place the exported
certificate on each platform:
Table 4: Certificate Export File Location in Juniper Secure Connect Directory

Platform: Directory Location

Windows: C:\ProgramData\Juniper\SecureConnect\cacerts\

macOS: /Library/Application Support/Juniper/SecureConnect/cacerts/

Android: /Juniper/Export

Figure 7: Export Self-signed Certificate
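The certificate prerequisite of this section (generate a key pair, self-sign or get the CSR signed, bind the certificate to HTTPS, export it for the client cacerts directory, verify what clients will see) as Junos CLI commands. This is an added example and not taken from the guide, which describes the J-Web path. The certificate-id SC-GW, the hostname vpn.example.com, the address 203.0.113.10, the CA profile name EXAMPLE-CA and the file paths are assumptions. Lines prefixed with run are operational commands issued from configuration mode.

```junos
## Added example (not from the original guide): gateway certificate lifecycle for Secure Connect.
## Assumed values: certificate-id SC-GW, hostname vpn.example.com, address 203.0.113.10,
## CA profile EXAMPLE-CA, files under /var/tmp.

## 1. Generate the key pair that backs the gateway certificate.
run request security pki generate-key-pair certificate-id SC-GW size 2048 type rsa

## 2a. Self-signed. The CN and the SAN entries (domain-name and ip-address) must match what
##     users type into the application; otherwise the warning in Figures 8 to 10 appears on
##     every connection. digest sha-256 avoids a SHA-1 certificate that modern clients reject.
run request security pki local-certificate generate-self-signed certificate-id SC-GW subject "CN=vpn.example.com,O=Example Corp,C=US" domain-name vpn.example.com ip-address 203.0.113.10 digest sha-256

## 2b. CA-signed alternative: create the CSR, have your CA sign it, then load the signed
##     certificate and the CA certificate (the CA profile must be committed before the load).
run request security pki generate-certificate-request certificate-id SC-GW subject "CN=vpn.example.com,O=Example Corp,C=US" domain-name vpn.example.com ip-address 203.0.113.10 filename /var/tmp/sc-gw.csr digest sha-256
set security pki ca-profile EXAMPLE-CA ca-identity EXAMPLE-CA
commit
run request security pki ca-certificate load ca-profile EXAMPLE-CA filename /var/tmp/example-ca.pem
run request security pki local-certificate load certificate-id SC-GW filename /var/tmp/sc-gw-signed.pem

## 3. Bind the certificate to the HTTPS service that the clients (and J-Web) use, replacing
##    the system-generated certificate that the application refuses.
set system services web-management https pki-local-certificate SC-GW
commit

## 4. Export the self-signed certificate in PEM form for the client cacerts directory in
##    Table 4 (for a CA-signed certificate, distribute the CA root instead). Clients that
##    hold this file validate the gateway without the fingerprint prompt.
run request security pki local-certificate export certificate-id SC-GW type pem filename /var/tmp/sc-gw.pem

## 5. Show the subject, SAN and fingerprint; these are the values users see in the warning
##    and must compare against if the certificate is not pre-distributed.
run show security pki local-certificate certificate-id SC-GW detail
```

Record the fingerprint from step 5 alongside the exported file; if you later renew the certificate, the fingerprint changes and any client that was trusting it by fingerprint will warn again.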

How Juniper Secure Connect Works?

Before we start configuring Juniper Secure Connect on the SRX Series device, let's understand at a high
level how the Juniper Secure Connect solution works.

The stages of establishing connectivity between a Juniper Secure Connect application and an SRX Series
device are:

1. A remote user downloads the Juniper Secure Connect application on a device such as a smartphone or a
laptop, or the organization's software distribution system installs it.

2. When the user initiates a connection, the application validates the gateway certificate.

NOTE: If the SRX Series device still uses the system-generated certificate, the application cannot
establish a connection.

If the gateway uses a certificate whose root certificate has not been distributed to the application
(see Create Installation Packages for Juniper Secure Connect Rollout on Windows and Create Rollout
Packages for Juniper Secure Connect Installation on macOS), the user is prompted with a warning message,
shown in Figure 8 on page 24, Figure 9 on page 25, and Figure 10 on page 26 for each platform on which
the Juniper Secure Connect application is installed.

Figure 8 on page 24 is a sample warning message on the Windows platform when the application does not
have the root certificate.

Figure 8: Sample Certificate Warning Message on Windows Platform

Figure 9 on page 25 is a sample warning message on macOS platform if the application does not have
a root certificate.

Figure 9: Sample Certificate Warning Message on macOS Platform

Figure 10 on page 26 is a sample warning message on Android platform if the application does not
have a root certificate.

Figure 10: Sample Certificate Warning Message on Android Platform

The appearance of the warning message differs by platform.

The details in the warning message come from the certificate configured on the SRX Series device. Table 5
on page 26 describes the fields shown in the sample warning message.

Table 5: Certificate Information

Issuer: Name of the certificate issuer.

CN: Common name (CN), the subject name in the certificate.

SAN: Subject Alternative Name (SAN), the additional names (DNS names or IP addresses) listed in the
certificate.

Fingerprint: The thumbprint (fingerprint) of the certificate, a hash of the certificate that the user
compares against the value you publish.



As a system administrator, you must tell your users what to do when this warning message is displayed.
The easiest way to validate the certificate as an administrator is to open the certificate details in the
browser, as shown in Figure 5 on page 21 and Figure 6 on page 22, and compare the fingerprint with the one
in the warning. Better still, load the correct root certificate on the client so that the warning never
appears and users are not trained to click through it.

The following warning message is displayed if the application cannot reach the Certificate Revocation
List (CRL) of the signed certificate loaded on the SRX Series device.

WARNING: When you use a signed certificate and the Juniper Secure Connect application cannot reach the
Certificate Revocation List (CRL) to validate the gateway certificate, the application prompts the user
with the warning message (shown in Figure 11 on page 27, Figure 12 on page 28, and Figure 13 on page 29)
each time they connect until the CRL is accessible. Juniper Networks strongly recommends that you or your
users report this error message to your IT organization to resolve the CRL download failure. While the
CRL is unreachable the client cannot tell whether the gateway certificate has been revoked, so the
warning should be fixed at its source rather than dismissed.

Figure 11: Warning Message when Application Cannot Validate Gateway Certificate (Windows)

Figure 12: Warning Message when Application Cannot Validate Gateway Certificate (macOS)

Figure 13: Warning Message when Application Cannot Validate Gateway Certificate (Android)

3. The SRX Series device authenticates the user based on credentials (user name, password, and domain) or
certificates.

4. After successful authentication, the client downloads and installs the latest configuration policy
defined on the SRX Series device. This step ensures that the client always uses the latest configuration
policy defined by the administrator.

5. The client establishes a secure VPN connection based on the downloaded configuration profile.

Now that we know how Juniper Secure Connect works, let's look at the different authentication methods
available.

Authentication Methods

There are two ways to authenticate users establishing secure connectivity with Juniper Secure Connect,
local or external authentication, and each has the restrictions described below.

• Local Authentication: The SRX Series device validates the user credentials against its local database.
The administrator handles password changes and resets of forgotten passwords, and each user must remember
a separate password for the VPN. This option is less preferred from a security standpoint: local accounts
are outside your central password and lockout policy, cannot use the multi-factor authentication
described below, and are easily forgotten when a user leaves.

• External Authentication: Users authenticate with the same credentials they use to access other
resources on the network. In many cases these are the domain logon credentials from Active Directory or
another LDAP-based system, reached through RADIUS. This method simplifies the user experience and improves
the organization's security posture, because the accounts are governed by the security policy your
organization already applies (lockout, password rotation, and deprovisioning).

Multi-Factor Authentication: To add an extra layer of protection, you can also enable multi-factor
authentication (MFA). In this method, a RADIUS proxy sends a notification to a device such as the user's
smartphone, and the user must accept the notification to complete the connection.

Table 6 on page 30 compares the authentication methods available in Juniper Secure Connect.

Table 6: Juniper Secure Connect Authentication Types

How it works?
• Local authentication: The local database maintains user accounts and user groups, and the SRX Series
  device uses the configured password to authenticate users.
• External authentication: An external RADIUS server manages all user accounts and performs the
  authentication service.

Username and password
• Local authentication: Yes. External authentication: Yes.
• Users must provide a user name and password when initiating a new connection.

EAP-MSCHAPv2 (username and password)
• Local authentication: No. External authentication: Yes.
• Each client device must be able to validate the certificate used by the SRX Series device. Certificate
  validation happens before the user can log in using credentials (username/password).

EAP-TLS
• Local authentication: No. External authentication: Yes.
• Each client device must be able to validate the certificate used by the SRX Series device. Before
  EAP-TLS client authentication can take place, each user must have a certificate issued and managed by
  the trusted Certificate Authority.
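Access-profile configuration for the two authentication sources compared in Table 6, added here as an example and not part of the guide. The profile names SC-LOCAL and SC-RADIUS, the pool SC-POOL and its addresses, the RADIUS server 10.0.0.5, the source address 10.0.0.1 and the secrets are assumptions. You select one of these profiles in the wizard's Local Gateway step.

```junos
## Added example (not from the original guide): access profiles for local and RADIUS
## authentication. All names, addresses and secrets are assumptions.

## Shared by both methods: the pool from which clients receive a tunnel address and DNS server.
set access address-assignment pool SC-POOL family inet network 192.168.100.0/24
set access address-assignment pool SC-POOL family inet range SC-RANGE low 192.168.100.10 high 192.168.100.200
set access address-assignment pool SC-POOL family inet xauth-attributes primary-dns 10.0.0.53/32

## Local authentication: passwords live on the SRX. Resets are the administrator's job, there is
## no central lockout or MFA, and the account outlives the user unless someone remembers to
## delete it. Suitable for a lab or a handful of break-glass accounts, not for a workforce.
set access profile SC-LOCAL authentication-order password
set access profile SC-LOCAL client alice firewall-user password "ChangeMe-before-commit"
set access profile SC-LOCAL address-assignment pool SC-POOL

## External authentication: the SRX forwards credentials to RADIUS, which can front Active
## Directory and an MFA proxy. RADIUS alone gives only weak confidentiality, so the shared
## secret must be long and random, the server must sit on a trusted network, and the SRX
## should source requests from a fixed inside address that the server expects.
set access profile SC-RADIUS authentication-order radius
set access profile SC-RADIUS radius-server 10.0.0.5 secret "long-random-shared-secret"
set access profile SC-RADIUS radius-server 10.0.0.5 port 1812
set access profile SC-RADIUS radius-server 10.0.0.5 source-address 10.0.0.1
set access profile SC-RADIUS address-assignment pool SC-POOL

## Verify the profile before pointing the Secure Connect gateway at it.
show access profile SC-RADIUS
commit check
```

Keep the local profile out of the production gateway once RADIUS is working; an unused local account with a known password is a standing credential that never expires.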

Now that we have an idea of the authentication methods that Juniper Secure Connect supports, it is time
to get into J-Web and get familiar with the configuration options and the fields available in the GUI.

Get Yourself Familiar with Juniper Secure Connect Wizard on J-Web

The Secure Connect VPN solution lets you create a remote access VPN tunnel between a remote user and the
internal network in a few steps with the intuitive, easy-to-use VPN wizard in J-Web.

When you navigate to VPN > IPsec VPN and select Create VPN > Remote Access > Juniper Secure Connect,
the Create Remote Access (Juniper Secure Connect) page appears, as shown in Figure 14 on page 31.

Figure 14: J-Web Wizard for Configuring Juniper Secure Connect

The VPN configuration wizard lets you configure Juniper Secure Connect in just a few steps, using the
fields listed in Table 7 on page 32.

Table 7: Juniper Secure Connect Configuration Wizard Fields

Options What You Configure Here

Name Name for the remote access connection. This name is displayed in the Juniper Secure Connect
application on the remote client device when you do not select a default profile, because it forms the
realm part of the gateway URL.

Example:

When the default profile is not used: https://<srx-series-device-ip-address>/<remote access connection name>

When the default profile is used: https://<srx-series-device-ip-address>/

Description Description of the remote access connection.

Routing Mode Routing Mode is set to Traffic Selector (Auto Route Insertion) by default.
You cannot change this option.

Authentication Method Pre-shared: This authentication method is simple and easy to use, but it is less
secure than certificates. If you select the pre-shared option, you can use:

• Authentication with username/password using local authentication

• Authentication with username/password using external authentication

Certificate-based: This authentication method uses the Extensible Authentication Protocol (EAP). If you
select the certificate-based option, you can use:

• Authentication with username/password using EAP-MSCHAPv2

• Authentication with client certificate using EAP-TLS

Auto-create Firewall Policy Option for auto-creating the firewall policy that permits traffic from the
tunnel interface zone.

Remote User Juniper Secure Connect application settings. The settings you specify here generate a
configuration file that an authenticated Juniper Secure Connect user downloads automatically when
connecting to the SRX Series device for the first time, so the remote client is configured without
manual intervention.

Local Gateway SRX Series device settings such as interfaces, authentication options, tunnel interfaces,
SSL VPN, and NAT details, including the network information that enables remote clients to connect to
the gateway and the way the gateway authenticates users.

IKE and IPsec IKE and IPsec options on the SRX Series device for Juniper Secure Connect remote client
connections. IKE Settings and IPsec Settings are advanced options; J-Web is preconfigured with default
values for the IKE and IPsec fields. The IKE settings are used when the Juniper Secure Connect application
and the SRX Series device negotiate and authenticate each other at connection setup. The IPsec settings
specify the connection settings and the security associations that govern authentication, encryption,
encapsulation, and key management.

Now that you understand the configuration options, let's get started with the configuration.

Based on the authentication method you have selected, see either of these topics:

• Local User Authentication Using Pre-shared Key on page 35

• External User Authentication Using RADIUS on page 49

• Certificate-Based Validation Using EAP-MSCHAPv2 Authentication on page 64

• Certificate-Based Validation Using EAP-TLS Authentication on page 81

RELATED DOCUMENTATION

System Requirements | 16
CHAPTER 3

Configure Juniper Secure Connect

Local User Authentication Using Pre-shared Key | 35

External User Authentication Using RADIUS | 49

Certificate-Based Validation Using EAP-MSCHAPv2 Authentication | 64

Certificate-Based Validation Using EAP-TLS Authentication | 81



Local User Authentication Using Pre-shared Key

SUMMARY

In this configuration, you use the username and password for local user authentication. With this
option, users cannot change or recover their credentials without involving the firewall administrator,
so we do not recommend this authentication method. Instead, we recommend the "External User
Authentication Using RADIUS" on page 49 method.

IN THIS SECTION

Configure Juniper Secure Connect VPN Settings | 36

We assume that you have completed the basic setup of your SRX Series devices, including interfaces,
zones, and security policies as illustrated in the “Deployment Scenario for Juniper Secure Connect” on
page 14.

For information about prerequisites, see “System Requirements” on page 16.



Configure Juniper Secure Connect VPN Settings

To configure VPN settings using the J-Web interface:

1. Log in to your SRX Series device using the J-Web interface.

Figure 15 on page 36 shows J-Web login page.

Figure 15: J-Web Access and Login

After logging in successfully, you land on the Basic Settings page.

Figure 16 on page 36 shows an example of the J-Web Configure tab.

Figure 16: J-Web Configure Tab



2. In the J-Web side pane, click VPN.

Figure 17 on page 37 shows an example of the J-Web Configure tab where VPN is selected.

Figure 17: VPN Configuration

a. After you click VPN, the IPsec VPN page appears.

Figure 18 on page 37 shows an example of the IPsec VPN page.

Figure 18: IPsec VPN Page

b. At the right corner of the page, select Create VPN > Remote Access > Juniper Secure Connect to
create the IPsec VPN setting for Juniper Secure Connect. The Create Remote Access (Juniper Secure
Connect) page appears.

Figure 19 on page 38 shows an example to create remote access VPN.



Figure 19: Create VPN - Remote Access

Figure 20 on page 38 shows an example of the create remote access page with pre-shared key
authentication method.

Figure 20: Create Remote Access Page For Pre-shared Key Authentication Method

3. On the Create Remote Access (Juniper Secure Connect) page (see Figure 21 on page 38):

a. Enter a name for the remote access connection (this is the realm name that end users see in the
Juniper Secure Connect application) and a description.

b. The routing mode is set to Traffic Selector (Auto Route Insertion) by default.

c. Select the authentication method. For this example, let’s select Pre-shared Key from the drop-down
list.

d. Select Yes to create the firewall policy automatically using the Auto-create Firewall Policy option.

Figure 21: Pre-shared key Authentication Method



4. Click Remote User icon to configure the Juniper Secure Connect application settings.

Figure 22: Remote User Page

Figure 22 on page 39 shows an example of the Remote User page.

Configure the remote user client by selecting the options on the Remote User page and then clicking
OK :

Table 8 on page 39 summarizes the remote user settings options.

Table 8: Remote User Settings Options

Remote User
Settings Description

Default Profile The Default Profile is enabled by default. If you do not want this profile to be the default profile,
click the toggle button.

If you enable Default Profile for the VPN connection profile, Juniper Secure Connect
automatically selects the default profile as the realm name (in this example: https://12.12.12.12/). In
this case, entering the realm name in Juniper Secure Connect is optional.

If you disable Default Profile for the VPN connection profile, you must enter the realm name
along with the gateway address (in this example:
https://12.12.12.12/JUNIPER_SECURE_CONNECT) in Juniper Secure Connect.

Connection Mode To establish the client connection manually or automatically, select the appropriate option.

• If you select Manual, then in the Juniper Secure Connect application, to establish a connection,
you must either click the toggle button or select Connection > Connect from the menu.
• If you select Always, then Juniper Secure Connect automatically establishes the connection.
Known Limitation:

Android device: If you use or select Always, then the configuration is downloaded from the
first used SRX device. If the first SRX device configuration changes or if you connect to a new
SRX device, the configuration does not get downloaded to the Juniper Secure Connect
application.

This means that once you connect in the Always mode using the Android device, any
configuration changes in the SRX device do not take effect on Juniper Secure Connect.

SSL VPN To enable support for an SSL VPN connection from the Juniper Secure Connect application to the
SRX Series device, click the toggle button. Use this option when the IPsec ports (UDP 500 and 4500 for
IKE and NAT-T, and ESP) are blocked on the client's network; with SSL VPN enabled, the client can also
connect to the SRX Series device over TLS. By default, SSL VPN is enabled.

Biometric This option is disabled by default. If you enable this option, when you click connect in Juniper
authentication Secure Connect, Juniper Secure Connect displays an authentication prompt.

This option allows the user to protect their credentials using the operating system’s built-in
biometric authentication support.

Dead Peer Dead Peer Detection (DPD) is enabled by default to allow the client to detect if the SRX Series
Detection device is reachable and if the device is not reachable, disable the connection till reachability is
restored.

Windows Logon This option allows users to log on to the local Windows system through an already established
VPN tunnel (using Windows Pre-Logon), so that the logon is authenticated against the central Windows
domain or Active Directory.

5. Click Local Gateway to configure the Local Gateway settings.

Figure 23 on page 41 shows an example of the local gateway configuration settings.



Figure 23: Local Gateway Configuration

a. If you enable Gateway is behind NAT, a text box appears. In the text box, enter the NAT IP address.
Only IPv4 addresses are supported. The NAT address is the external (public) address that remote clients
connect to.

b. Enter an IKE ID in [email protected] format. For example, [email protected].

c. In the External Interface field, select the external interface; its IP address is the address the
clients connect to. You must enter this same IP address (in this example: https://12.12.12.12/) in the
Gateway Address field of the Juniper Secure Connect application.

If you enable Gateway is behind NAT, the NAT IP address becomes the gateway address.

d. From the Tunnel Interface drop-down list, select an interface to bind it to the route-based VPN.
Alternatively click Add. If you click Add, the Create Tunnel Interface page appears.

Figure 24 on page 42 shows an example of the Create Tunnel Interface page.



Figure 24: Create Tunnel Interface Page

The next available st0 logical interface number is displayed in the Interface Unit field, and you can
enter a description for this interface. Select the zone to add this tunnel interface to. If Auto-create
Firewall Policy (on the Create Remote Access page) is set to Yes, the firewall policy uses this zone. Click
OK.

e. Enter the pre-shared key in either ASCII or hexadecimal format. Use a long, randomly generated key:
in this mode the key authenticates the IKE peers to each other before any user credentials are exchanged,
so a short or guessable key undermines the username and password check that follows.

f. From the User Authentication drop-down list, select an existing access profile or click Add to create
a new access profile. If you click Add, the Create Access Profile page appears.

Figure 25 on page 43 shows an example of the Create Access Profile page.



Figure 25: Create Access Profile Page

Enter the access profile name. From the Address Assignment drop-down list, select an address pool
or click Create Address Pool. If you click Create Address Pool, the Create Address Pool page appears.

Figure 26 on page 44 shows an example of the Create Address Pool page.



Figure 26: Create Address Pool Page

• Enter the details of the local IP address pool from which the SRX Series device assigns addresses
to clients. Enter a name for the IP address pool.

• Enter the network address that you use for the address assignment.

• Enter your DNS server address. Enter WINS server details, if required. Then click the add icon (+)
to create the address range from which client addresses are assigned.

• Enter the range name and the lower and higher limits; both must lie inside the network you entered.
After entering the details, click OK.

Select the Local check box to create local authentication user, where all the authentication details
are stored on the SRX Series devices. If you click the add icon (+), the Create Local Authentication
User window appears.

Figure 27 on page 45 shows an example Create Local Authentication User page.



Figure 27: Create Local Authentication User Page

Enter a username and password, and then click OK. Click OK again to complete the access profile
configuration.

g. From the SSL VPN Profile drop-down list, select an existing profile or click Add to create a new SSL
VPN profile. If you click Add, the Add SSL VPN Profile page appears.

Figure 28 on page 45 shows an example of the Add SSL VPN Profile page.

Figure 28: Add SSL VPN Profile Page

On the Add SSL VPN Profile page, you configure the SSL VPN profile. Enter the SSL VPN profile
name in the Name field and enable logging using the toggle, if required. In the SSL Termination
Profile field, select an SSL termination profile from the drop-down list. SSL termination means that
the SRX Series device acts as the SSL server endpoint and terminates the SSL session from the client,
presenting the server certificate named in the termination profile. To create a new SSL termination
profile, click Add. The Create SSL Termination Profile page appears.

Figure 29 on page 46 shows an example of the Create SSL Termination Profile page.

Figure 29: Create SSL Termination Profile Page

• Enter the name for the SSL termination profile and select the server certificate that you use for
the SSL termination on the SRX Series devices. Click Add to add a new server certificate or click
Import to import the server certificate. The server certificate is a local certificate identifier. Server
certificates are used to authenticate the identity of a server.

• Click OK.

h. The Source NAT Traffic option is enabled by default. When it is enabled, all traffic from the
Juniper Secure Connect application is source NATed to the address of the selected interface. Click the
toggle button to disable the Source NAT Traffic option. If you disable it, you must ensure that your
internal network has a route for the client address pool pointing back to the SRX Series device, so that
return traffic reaches the tunnel.

i. Under Protected Networks, click add icon (+) to select the networks that the Juniper Secure Connect
application can connect to.

Figure 30 on page 47 shows an example of the Create Protected Networks page.



Figure 30: Create Protected Networks Page

By default, any network (0.0.0.0/0) is allowed, which sends all client traffic through the tunnel. If
you configure specific networks instead, split tunneling is enabled for the Juniper Secure Connect
application: only traffic to the listed networks enters the tunnel, and all other client traffic leaves
the client directly, outside the VPN and outside the SRX Series device's policies. If you retain the
default value, you can still restrict what clients reach by adjusting the firewall policy from the client
zone. Click OK, and the selected networks appear in the list of protected networks. Click OK to complete
the local gateway configuration.

Figure 31 on page 48 shows an example of successful completion of the remote access configuration
with remote user and local gateway.

Figure 31: Complete Remote Access Configuration

IKE Settings and IPsec Settings are advanced options. J-Web is already configured with default
values for the IKE and IPsec parameters. It is not mandatory to configure these settings.

6. You can now find the URL for the remote users to connect to. Copy and store this URL to share with
your remote users. If this configuration is not your default profile, users must include the realm suffix
(the /<remote access connection name> part of the URL); for the default profile, the gateway address alone
is sufficient.

Figure 32 on page 48 highlights the URL that remote user must enter in the Gateway address field in
Juniper Secure Connect application to establish remote access connection.

Figure 32: Commit Remote Access Configuration

a. Click Save to complete the Juniper Secure Connect VPN configuration and associated policy if you
have selected the auto policy creation option.

b. Click the highlighted Commit button (at the top right of the page next to Feedback Button) to
commit the configuration.

Download and install Juniper Secure Connect application on the client machine. Launch Juniper Secure
Connect and connect to the gateway address of the SRX Series device. See Juniper Secure Connect User
Guide for more details.

RELATED DOCUMENTATION

Overview | 11
External User Authentication Using RADIUS | 49
Certificate-Based Validation Using EAP-MSCHAPv2 Authentication | 64
Certificate-Based Validation Using EAP-TLS Authentication | 81
Monitor Juniper Secure Connect | 100

External User Authentication Using RADIUS

SUMMARY

This configuration is more secure because users can use the same username and password as their domain
login and can change or recover their credentials without involving the firewall administrator. It also
reduces the administrator's workload when passwords must be changed frequently. We recommend this
configuration for authenticating users.

IN THIS SECTION

Configure Juniper Secure Connect VPN Settings | 50

We assume that you have completed the basic setup of your SRX Series devices, including interfaces,
zones, and security policies as illustrated in the “Deployment Scenario for Juniper Secure Connect” on
page 14.

For information about prerequisites, see “System Requirements” on page 16.



Configure Juniper Secure Connect VPN Settings

To configure VPN settings using the J-Web interface:

1. Log in to your SRX Series device using the J-Web interface.

Figure 33 on page 50 shows J-Web login page.

Figure 33: J-Web Access and Login

After logging in successfully, you land on the Basic Settings page.

Figure 34 on page 50 shows an example of the J-Web Configure tab.

Figure 34: J-Web Configure Tab



2. In the J-Web side pane, click VPN.

Figure 35 on page 51 shows an example of the J-Web Configure tab where VPN is selected.

Figure 35: VPN Configuration

a. After you click VPN, the IPsec VPN page appears.

Figure 36 on page 51 shows an example of the IPsec VPN page.

Figure 36: IPsec VPN Page

b. At the right corner of the page, select Create VPN > Remote Access > Juniper Secure Connect to
create the IPsec VPN setting for Juniper Secure Connect. The Create Remote Access (Juniper Secure
Connect) page appears.

Figure 37 on page 52 shows an example to create remote access VPN.



Figure 37: Create VPN - Remote Access

Figure 38 on page 52 shows an example of the create remote access page with pre-shared key
authentication method.

Figure 38: Create Remote Access Page For Pre-shared Key Authentication Method

3. On the Create Remote Access (Juniper Secure Connect) page (see Figure 39 on page 52):

a. Enter a name for the remote access connection (this is the realm name that end users see in the
Juniper Secure Connect application) and a description.

b. The routing mode is set to Traffic Selector (Auto Route Insertion) by default.

c. Select the authentication method. For this example, let’s select Pre-shared Key from the drop-down
menu.

d. Select Yes to create the firewall policy automatically using the Auto-create Firewall Policy option.

Figure 39: Create Remote Access Page



4. Click Remote User icon to configure the Juniper Secure Connect application settings.

Figure 40: Remote User Page

Figure 40 on page 53 shows an example of the Remote User page.

Configure the remote user client by selecting the options on the Remote User page and then clicking
OK :

Table 9 on page 53 summarizes the remote user settings options.

Table 9: Remote User Client Settings Options

Remote User
Client Settings Description

Default Profile The Default Profile is enabled by default. If you do not want this profile to be the default profile,
click the toggle button.

If you enable Default Profile for the VPN connection profile, Juniper Secure Connect
automatically selects the default profile as the realm name (in this example: https://12.12.12.12/). In
this case, entering the realm name in Juniper Secure Connect is optional.

If you disable Default Profile for the VPN connection profile, you must enter the realm name
along with the gateway address (in this example:
https://12.12.12.12/JUNIPER_SECURE_CONNECT) in Juniper Secure Connect.

Connection Mode To establish the client connection manually or automatically, select the appropriate option.

• If you select Manual, then in the Juniper Secure Connect application, to establish a connection,
you must either click the toggle button or select Connection > Connect from the menu.
• If you select Always, then Juniper Secure Connect automatically establishes the connection.
Known Limitation:

Android device: If you use or select Always, then the configuration is downloaded from the
first used SRX device. If the first SRX device configuration changes or if you connect to a new
SRX device, the configuration does not get downloaded to the Juniper Secure Connect
application.

This means that once you connect in the Always mode using the Android device, any
configuration changes in the SRX device do not take effect on Juniper Secure Connect.

SSL VPN To enable support for an SSL VPN connection from the Juniper Secure Connect application to
the SRX Series device, click the toggle button. Use this option when the IPsec ports (UDP 500 and 4500
for IKE and NAT-T, and ESP) are blocked on the client's network; with SSL VPN enabled, the client can
also connect to the SRX Series device over TLS. By default, SSL VPN is enabled.

Biometric This option is disabled by default. If you enable this option, when you click connect in Juniper
authentication Secure Connect, Juniper Secure Connect displays an authentication prompt.

This option allows the user to protect their credentials using the operating system’s built-in
biometric authentication support.

Dead Peer Detection Dead Peer Detection (DPD) is enabled by default, so the client can detect whether the
SRX Series device is reachable and, if it is not, disable the connection until reachability is restored.

Windows Logon This option allows users to log on to the local Windows system through an already established
VPN tunnel (using Windows Pre-Logon), so that the logon is authenticated against the central Windows
domain or Active Directory.

5. Click Local Gateway to configure the Local Gateway settings.

Figure 41 on page 55 shows an example of the local gateway configuration settings.



Figure 41: Local Gateway Configuration

a. If you enable Gateway is behind NAT, a text box appears. In the text box, enter the NAT IP address.
Only IPv4 addresses are supported. The NAT address is the external (public) address that remote clients
connect to.

b. Enter an IKE ID in [email protected] format. For example, [email protected].

c. In the External Interface field, select the external interface; its IP address is the address the
clients connect to. You must enter this same IP address (in this example: https://12.12.12.12/) in the
Gateway Address field of the Juniper Secure Connect application.

If you enable Gateway is behind NAT, the NAT IP address becomes the gateway address.

d. From the Tunnel Interface drop-down list, select an interface to bind it to the route-based VPN.
Alternatively click Add. If you click Add, the Create Tunnel Interface page appears.

Figure 42 on page 56 shows an example of the Create Tunnel Interface page.



Figure 42: Create Tunnel Interface Page

The next available st0 logical interface number is displayed in the Interface Unit field, and you can
enter a description for this interface. Select the zone to add this tunnel interface to. If Auto-create
Firewall Policy (on the Create Remote Access page) is set to Yes, the firewall policy uses this zone. Click
OK.

e. Enter the pre-shared key in either ASCII or hexadecimal format. Use a long, randomly generated key:
in this mode the key authenticates the IKE peers to each other before any user credentials are exchanged,
so a short or guessable key undermines the RADIUS username and password check that follows.

f. From the User Authentication drop-down list, select an existing access profile or click Add to create
a new access profile. If you click Add, the Create Access Profile page appears.

Figure 43 on page 57 shows an example of the Create Access Profile page.



Figure 43: Create Access Profile Page

Enter the access profile name. From the Address Assignment drop-down list, select an address pool
or click Create Address Pool. If you click Create Address Pool, the Create Address Pool page appears.

Figure 44 on page 58 shows an example of the Create Address Pool page.



Figure 44: Create Address Pool Page

• Enter the details of the local IP address pool from which the SRX Series device assigns addresses
to clients. Enter a name for the IP address pool.

• Enter the network address that you use for the address assignment.

• Enter your DNS server address. Enter WINS server details, if required. Then click the add icon (+)
to create the address range from which client addresses are assigned.

• Enter the range name and the lower and higher limits; both must lie inside the network you entered.
After entering the details, click OK.

Select the RADIUS check box to keep all authentication details on an external RADIUS server.

• Click the add icon (+) to configure the RADIUS server details. See Figure 45 on page 59.

Figure 45: Create RADIUS Server Page

• Enter the RADIUS server IP address, the RADIUS secret, and the source address from which the SRX
Series device sends its RADIUS requests. The secret is shared between the SRX Series device and the
RADIUS server and is all that protects the exchange: RADIUS obfuscates only the user password with it
and sends the other attributes (such as the user name) in cleartext, so use a long random secret and
keep the path between the SRX Series device and the RADIUS server on a trusted network. Register the
same source address as a client on the RADIUS server, because the server selects the secret by the
request's source address. Click OK.

In the Authentication Order, from the Order 1 drop-down list, select RADIUS. Click OK to complete
the access profile configuration.

Figure 46 on page 60 shows an example of Create Access Profile page.



Figure 46: Create Access Profile Page
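The exchange that the RADIUS server settings above configure, as an added example that is not part of this guide and not Juniper's code: a small Python model of the RFC 2865 Access-Request that the SRX Series device (the NAS) sends for a Juniper Secure Connect user, and of the Access-Accept it verifies on the way back. It shows what the RADIUS secret and the source address actually do: the secret hides the password and authenticates the server's reply, the NAS-IP-Address attribute carries the source address the server uses to pick that secret, and everything else is readable on the wire. The secret, user name, password and addresses are constructed sample values, not values from the guide.

```python
"""Added example, not code from this guide or from Juniper: a minimal model of the
RADIUS (RFC 2865) exchange between the SRX Series device (the NAS) and the
RADIUS server configured in the access profile. The secret, user, password and
addresses below are constructed sample values."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4


def _attr(atype: int, value: bytes) -> bytes:
    """One attribute: Type (1 byte) + Length (1 byte, header included) + Value."""
    return struct.pack("!BB", atype, len(value) + 2) + value


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to 16-byte blocks and XOR each block with
    MD5(secret + previous block); the first block uses the Request Authenticator.
    This is obfuscation, reversible by anyone who holds the shared secret."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """What the RADIUS server (or an on-path observer who knows the secret) computes."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(ident, user, password, secret, nas_ip, request_auth=b""):
    """NAS side. Returns (packet, request_authenticator). NAS-IP-Address carries the
    source address entered in the RADIUS server settings; the server uses the
    request's source address to decide which shared secret applies."""
    request_auth = request_auth or os.urandom(16)
    attrs = (_attr(USER_NAME, user.encode())
             + _attr(USER_PASSWORD, hide_password(password.encode(), secret, request_auth))
             + _attr(NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs, request_auth


def parse_attributes(packet: bytes) -> dict:
    """Anyone on the path can read every attribute; only User-Password is hidden."""
    attrs, pos = {}, 20
    while pos < len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs


def build_response(code: int, ident: int, request_auth: bytes, secret: bytes,
                   attrs: bytes = b"") -> bytes:
    """Server side. Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """NAS side: only a reply whose authenticator proves knowledge of the secret and
    matches the outstanding request's authenticator may grant access."""
    header, resp_auth, attrs = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + request_auth + attrs + secret).digest()
    return hmac.compare_digest(resp_auth, expected)


def offline_secret_guess(response: bytes, request_auth: bytes, candidates) -> bytes:
    """An observer holding one request/response pair can test candidate secrets
    offline, with no further traffic; a short or dictionary secret falls quickly."""
    for candidate in candidates:
        if verify_response(response, request_auth, candidate):
            return candidate
    return b""


if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    req, auth = build_access_request(7, "alice", "Sup3r-S3cret", secret, "192.0.2.1")
    accept = build_response(ACCESS_ACCEPT, 7, auth, secret)
    forged = build_response(ACCESS_ACCEPT, 7, auth, b"wrong")
    print("user name readable without the secret:", parse_attributes(req)[USER_NAME])
    print("genuine Access-Accept verifies:", verify_response(accept, auth, secret))
    print("forged Access-Accept verifies:", verify_response(forged, auth, secret))
```

Run it stand-alone to see that the user name is visible in the request while the password is not, that a genuine Access-Accept verifies and a forged one does not, and (via offline_secret_guess) that a weak secret can be recovered from a single captured pair. This is why the secret entered on the Create RADIUS Server page should be long and random and why the SRX-to-RADIUS path belongs on a trusted network.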

g. From the SSL VPN Profile drop-down list, select an existing profile or click Add to create a new SSL
VPN profile. If you click Add, the Add SSL VPN Profile page appears.

Figure 47 on page 60 shows an example of the Add SSL VPN Profile page.

Figure 47: Add SSL VPN Profile Page

On the Add SSL VPN Profile page, you configure the SSL VPN profile. Enter the SSL VPN profile
name in the Name field and enable logging using the toggle, if required. In the SSL Termination
Profile field, select an SSL termination profile from the drop-down list. SSL termination means that
the SRX Series device acts as the SSL server endpoint and terminates the SSL session from the client,
presenting the server certificate named in the termination profile. To create a new SSL termination
profile, click Add. The Create SSL Termination Profile page appears.

Figure 48 on page 61 shows an example of the Create SSL Termination Profile page.

Figure 48: Create SSL Termination Profile Page

• Enter the name for the SSL termination profile and select the server certificate that you use for
the SSL termination on the SRX Series devices. Click Add to add a new server certificate or click
Import to import the server certificate. The server certificate is a local certificate identifier. Server
certificates are used to authenticate the identity of a server.

• Click OK.

h. The Source NAT Traffic option is enabled by default. When it is enabled, all traffic from the
Juniper Secure Connect application is source NATed to the address of the selected interface. Click the
toggle button to disable the Source NAT Traffic option. If you disable it, you must ensure that your
internal network has a route for the client address pool pointing back to the SRX Series device, so that
return traffic reaches the tunnel.

i. Under Protected Networks, click the add icon (+) to select the networks that the Juniper Secure
Connect application can connect to.

Figure 49 on page 62 shows an example of the Create Protected Networks page.



Figure 49: Create Protected Networks Page

By default, any network (0.0.0.0/0) is allowed, which sends all client traffic through the tunnel. If
you configure specific networks instead, split tunneling is enabled for the Juniper Secure Connect
application: only traffic to the listed networks enters the tunnel, and all other client traffic leaves
the client directly, outside the VPN and outside the SRX Series device's policies. If you retain the
default value, you can still restrict what clients reach by adjusting the firewall policy from the client
zone. Click OK, and the selected networks appear in the list of protected networks. Click OK to complete
the local gateway configuration.

Figure 50 on page 63 shows an example of successful completion of the remote access configuration
with remote user and local gateway.

Figure 50: Complete Remote Access Configuration

IKE Settings and IPsec Settings are advanced options. J-Web is already configured with default
values for the IKE and IPsec parameters. It is not mandatory to configure these settings.

6. You can now find the URL for the remote users to connect to. Copy and store this URL to share with
your remote users. If this configuration is not your default profile, users must include the realm suffix
(the /<remote access connection name> part of the URL); for the default profile, the gateway address alone
is sufficient.

Figure 51 on page 63 highlights the URL that remote user must enter in the Gateway address field in
Juniper Secure Connect application to establish remote access connection.

Figure 51: Commit Remote Access Configuration

a. Click Save to complete the Juniper Secure Connect VPN configuration and associated policy if you
have selected the auto policy creation option.

b. Click the highlighted Commit button (at the top right of the page next to Feedback Button) to
commit the configuration.

Download and install Juniper Secure Connect application on the client machine. Launch Juniper Secure
Connect and connect to the gateway address of the SRX Series device. See Juniper Secure Connect User
Guide for more details.

RELATED DOCUMENTATION

Overview | 11
Local User Authentication Using Pre-shared Key | 35
Certificate-Based Validation Using EAP-MSCHAPv2 Authentication | 64
Certificate-Based Validation Using EAP-TLS Authentication | 81
Monitor Juniper Secure Connect | 100

Certificate-Based Validation Using EAP-MSCHAPv2 Authentication

SUMMARY

In this configuration, the user is authenticated with a username and password by an external RADIUS
server using EAP-MSCHAPv2, and each client validates the certificate presented by the SRX Series device
before it sends those credentials. No client certificate is required; only the SRX Series device needs
one.

IN THIS SECTION

Configure Juniper Secure Connect VPN Settings | 65

We assume that you have completed the basic setup of your SRX Series devices, including interfaces,
zones, and security policies as illustrated in the “Deployment Scenario for Juniper Secure Connect” on
page 14.

For information about prerequisites, see “System Requirements” on page 16.

Ensure that you have a Public Key Infrastructure (PKI) configured as the backend authentication. In this
case, you only need to install the root certificate of the CA on each client. Note that local authentication
is not supported in this scenario.

Configure Juniper Secure Connect VPN Settings

To configure VPN settings using the J-Web interface:

1. Log in to your SRX Series device using the J-Web interface.

Figure 52 on page 65 shows J-Web login page.

Figure 52: J-Web Access and Login

After logging in successfully, you land on the Basic Settings page.

Figure 53 on page 65 shows an example of the J-Web Configure tab.

Figure 53: J-Web Configure Tab



2. In the J-Web side pane, click VPN.

Figure 54 on page 66 shows an example of the J-Web Configure tab where VPN is selected.

Figure 54: VPN Configuration

a. After you click VPN, the IPsec VPN page appears.

Figure 55 on page 66 shows an example of the IPsec VPN page.

Figure 55: IPsec VPN Page

b. At the right corner of the page, select Create VPN > Remote Access > Juniper Secure Connect to
create the IPsec VPN setting for Juniper Secure Connect. The Create Remote Access (Juniper Secure
Connect) page appears.

Figure 56 on page 67 shows an example to create remote access VPN.



Figure 56: Create VPN - Remote Access

Figure 57 on page 67 shows an example of the create remote access page with Certificate Based
authentication method.

Figure 57: Create Remote Access Page For Certificate-Based Authentication Method

3. On the Create Remote Access (Juniper Secure Connect) page (see Figure 58 on page 67):

a. Enter a name for the remote access connection (this is the realm name that end users see in the
Juniper Secure Connect application) and a description.

b. The routing mode is set to Traffic Selector (Auto Route Insertion) by default.

c. Select the authentication method. For this example, let’s select Certificate Based from the drop-down
list.

d. Select Yes to create the firewall policy automatically using Auto-create Firewall Policy option.

Figure 58: Certificate-Based Authentication Method

4. Click Remote User icon to configure the Juniper Secure Connect application settings.

Figure 59: Remote User Page

Figure 59 on page 68 shows an example of the Remote User page.

Configure the remote user client by selecting the options on the Remote User page and then clicking
OK :

Table 10 on page 68 summarizes the remote user settings options.

Table 10: Remote User Client Settings Options

Default Profile: The Default Profile is enabled by default. If you do not want this profile to be the
default profile, click the toggle button.

If you enable Default Profile for the VPN connection profile, Juniper Secure Connect automatically
selects the default profile as the realm name (in this example: https://12.12.12.12/). In this
case, it is optional to enter the realm name in Juniper Secure Connect.

If you disable Default Profile for the VPN connection profile, you must enter the realm name along
with the gateway address (in this example: https://12.12.12.12/JUNIPER_SECURE_CONNECT) in
Juniper Secure Connect.

Connection Mode: To establish the client connection manually or automatically, select the appropriate
option.

• If you select Manual, then in the Juniper Secure Connect application, to establish a connection,
you must either click the toggle button or select Connection > Connect from the menu.
• If you select Always, then Juniper Secure Connect automatically establishes the connection.

Known Limitation:

Android device: If you select Always, then the configuration is downloaded from the first SRX device
used. If the configuration on that first SRX device changes, or if you connect to a new SRX device,
the configuration is not downloaded to the Juniper Secure Connect application.

This means that once you connect in Always mode using an Android device, any configuration changes
on the SRX device do not take effect in Juniper Secure Connect.

SSL VPN: To enable support for SSL VPN connections from the Juniper Secure Connect application to the
SRX Series devices, click the toggle button. Enabling SSL VPN gives the client flexibility in
connecting to the SRX Series devices. By default, SSL VPN is enabled.

Biometric authentication: This option is disabled by default. If you enable this option, when you click
Connect in Juniper Secure Connect, Juniper Secure Connect displays an authentication prompt.

This option allows users to protect their credentials using the operating system’s built-in
biometric authentication support.

Dead Peer Detection: Dead Peer Detection (DPD) is enabled by default. It allows the client to detect
that the SRX Series device is not reachable and to disable the connection until reachability is
restored.

Certificates: This option is enabled by default to configure certificate options.

• Expiry Warning—This option is enabled by default. When enabled, you receive a certificate
expiration warning on the Secure Connect client when the certificate is about to expire.
• Warning Interval—Enter the interval, in days, at which the warning is displayed.
• Pin Req Per Connection—This option is enabled by default. When enabled, you must enter the
certificate PIN for every connection.

EAP-TLS: EAP-TLS is enabled by default. Because this example uses EAP-MSCHAPv2, toggle the EAP-TLS
switch to the disabled state.

Windows Logon: This option allows users to log on to the local Windows system through an already
established VPN tunnel (using Windows Pre-Logon), so that the system is authenticated to the central
Windows domain or Active Directory.

5. Click Local Gateway to configure the Local Gateway settings.

Figure 60 on page 70 shows an example of the local gateway configuration settings.

Figure 60: Local Gateway Configuration

a. If you enable Gateway is behind NAT, a text box appears. In the text box, enter the NAT IP address.
Only IPv4 addresses are supported. The NAT address is the external address.

b. Enter an IKE ID in [email protected] format. For example, [email protected].

c. In the External Interface field, select the IP address that the clients connect to. You must enter
this same IP address (in this example: https://12.12.12.12/) in the Gateway Address field of the
Juniper Secure Connect application.

If you enable Gateway is behind NAT, then the NAT IP address becomes the gateway address.

d. From the Tunnel Interface drop-down list, select an interface to bind to the route-based VPN.
Alternatively, click Add. If you click Add, the Create Tunnel Interface page appears.

Figure 61 on page 71 shows an example of the Create Tunnel Interface page.



Figure 61: Create Tunnel Interface Page

The next available st0 logical interface number is displayed in the Interface Unit field, and you can
enter a description for this interface. Select the zone to add this tunnel interface to. If Auto-create
Firewall Policy (on the Create Remote Access page) is set to Yes, the firewall policy uses this zone.
Click OK.

e. From the Local certificate field, select one of your already externally signed local certificates. Click
Add to add a new local certificate or click Import to import the local certificate.

Figure 62 on page 72 shows a configuration example only.



Figure 62: Generate Certificate Page For Local certificate

f. For the CA certificate, from the Trusted CA/Group field, select one of your already externally
signed CA certificates, including the matching Trusted CA/Group. If you do not have any of these,
click Add CA Profile and fill in the values that match your environment. Figure 63 on page 73 shows
an example of the Add CA Profile page.

Figure 63: Add CA Profile Page

g. From the User Authentication drop-down list, select an existing access profile or click Add to create
a new access profile. If you click Add, the Create Access Profile page appears.

Figure 64 on page 74 shows an example of the Create Access Profile page.



Figure 64: Create Access Profile Page

Enter the access profile name. From the Address Assignment drop-down list, select an address pool
or click Create Address Pool. If you click Create Address Pool, the Create Address Pool page appears.

Figure 65 on page 75 shows an example of the Create Address Pool page.



Figure 65: Create Address Pool Page

• Enter the details for the local IP pool that is in the VPN policy for the clients. Enter a name for
the IP address pool.

• Enter the network address that you use for the address assignment.

• Enter your DNS server address. Enter WINS server details, if required. Now click the add icon (+)
to create the address range to assign IP addresses to the clients.

• Enter the name, and the lower and higher limits. After entering the details, click OK.

Select the RADIUS check box if all the authentication details are stored on an external RADIUS
server.

• Click the add icon (+) to configure the RADIUS server details. See Figure 66 on page 76.

Figure 66: Create RADIUS Server Page

• Enter the RADIUS server IP address, the RADIUS secret, and the source address from which the RADIUS
communication is sourced. Click OK.

Under Authentication Order, select RADIUS from the Order 1 drop-down list. Click OK to complete
the access profile configuration.

Figure 67 on page 77 shows an example of Create Access Profile page.



Figure 67: Create Access Profile Page

h. From the SSL VPN Profile drop-down list, select an existing profile or click Add to create a new SSL
VPN profile. If you click Add, the Add SSL VPN Profile page appears.

Figure 68 on page 77 shows an example of the Add SSL VPN Profile page.

Figure 68: Add SSL VPN Profile Page

On the Add SSL VPN Profile page, you can configure the SSL VPN profile. Enter the SSL VPN profile
name in the Name field, and enable logging using the toggle, if required. In the SSL Termination
Profile field, select the SSL termination profile from the drop-down list. SSL termination is a process
in which the SRX Series device acts as an SSL proxy server and terminates the SSL session from the
client. If you want to create a new SSL termination profile, click Add. The Create SSL Termination
Profile page appears.

Figure 69 on page 78 shows an example of the Create SSL Termination Profile page.

Figure 69: Create SSL Termination Profile Page

• Enter the name for the SSL termination profile and select the server certificate that you use for
the SSL termination on the SRX Series devices. Click Add to add a new server certificate or click
Import to import the server certificate. The server certificate is a local certificate identifier. Server
certificates are used to authenticate the identity of a server.

• Click OK.

i. The Source NAT Traffic option is enabled by default. When Source NAT Traffic is enabled, all traffic
from the Juniper Secure Connect application is NATed to the selected interface by default. Click
the toggle button to disable the Source NAT Traffic option. If the option is disabled, you must ensure
that you have a route from your network pointing to the SRX Series devices for handling the return
traffic correctly.

j. Under Protected Networks, click the add icon (+) to select the networks that the Juniper Secure
Connect application can connect to.

Figure 70 on page 79 shows an example of the Create Protected Networks page.



Figure 70: Create Protected Networks Page

By default, any network (0.0.0.0/0) is allowed. If you configure a specific network, split tunneling
for the Juniper Secure Connect application is enabled. If you retain the default value, you can restrict
access to your defined networks by adjusting the firewall policy from the client network. Click OK, and
the selected networks are now in the list of protected networks. Click OK to complete the local gateway
configuration.

Figure 71 on page 80 shows an example of the successfully completed remote access configuration
with remote user and local gateway.

Figure 71: Complete Remote Access Configuration

IKE Settings and IPsec Settings are advanced options. J-Web is already configured with default
values for the IKE and IPsec parameters. It is not mandatory to configure these settings.

6. You can now find the URL for the remote users to connect to. Copy and store this URL for sharing with
your remote users. The /xxxx part is needed only if this configuration is not your default profile.

Figure 72 on page 80 highlights the URL that remote users must enter in the Gateway address field in
the Juniper Secure Connect application to establish the remote access connection.

Figure 72: Commit Remote Access Configuration

a. Click Save to complete the Juniper Secure Connect VPN configuration and associated policy if you
have selected the auto policy creation option.

b. Click the highlighted Commit button (at the top right of the page, next to the Feedback button) to
commit the configuration.

Download and install the Juniper Secure Connect application on the client machine. Launch Juniper Secure
Connect and connect to the gateway address of the SRX Series device. You must also place the root CA
certificate in the appropriate directory location for the platform where you’ve installed the Juniper
Secure Connect application. See the Juniper Secure Connect User Guide for more details.

RELATED DOCUMENTATION

Overview | 11
Local User Authentication Using Pre-shared Key | 35
External User Authentication Using RADIUS | 49
Certificate-Based Validation Using EAP-TLS Authentication | 81
Monitor Juniper Secure Connect | 100

Certificate-Based Validation Using EAP-TLS Authentication

SUMMARY

In this configuration, you use the username and password for external user authentication (by RADIUS
server) and use the EAP-TLS authentication method to validate the user certificates.

IN THIS SECTION

Configure Juniper Secure Connect VPN Settings | 82

We assume that you have completed the basic setup of your SRX Series devices, including interfaces,
zones, and security policies as illustrated in the “Deployment Scenario for Juniper Secure Connect” on
page 14.

For information about prerequisites, see System Requirements.

Ensure that you have a Public Key Infrastructure (PKI) configured as the authentication backend. In this
case, you need to install the root certificate of the CA on each client as well as a user-specific
certificate on each client device. Note that local authentication is not supported in this scenario.

Configure Juniper Secure Connect VPN Settings

To configure VPN settings using the J-Web interface:

1. Log in to your SRX Series device using J-Web interface.

Figure 73 on page 82 shows the J-Web login page.

Figure 73: J-Web Access and Login

After logging in successfully, you land on the Basic Settings page.

Figure 74 on page 82 shows an example of the J-Web Configure tab.

Figure 74: J-Web Configure Tab



2. In the J-Web side pane, click VPN.

Figure 75 on page 83 shows an example of the J-Web Configure tab where VPN is selected.

Figure 75: VPN Configuration

a. After you click VPN, the IPsec VPN page appears.

Figure 76 on page 83 shows an example of the IPsec VPN page.

Figure 76: IPsec VPN Page

b. At the right corner of the page, select Create VPN > Remote Access > Juniper Secure Connect to
create the IPsec VPN setting for Juniper Secure Connect. The Create Remote Access (Juniper Secure
Connect) page appears.

Figure 77 on page 84 shows an example to create remote access VPN.



Figure 77: Create VPN - Remote Access

Figure 78 on page 84 shows an example of the Create Remote Access page with the Certificate-Based
authentication method.

Figure 78: Create Remote Access Page For Certificate-Based Authentication Method

3. On the Create Remote Access (Juniper Secure Connect) page (see Figure 79 on page 84):

a. Enter the name for the Remote Access Connection (that is, the name displayed as the realm name to
end users in the Juniper Secure Connect application) and a description.

b. The routing mode is set to Traffic Selector (Auto Route Insertion) by default.

c. Select the authentication method. For this example, let’s select Certificate Based from the drop-down
list.

d. Select Yes to create the firewall policy automatically using the Auto-create Firewall Policy option.

Figure 79: Certificate-Based Authentication Method

4. Click the Remote User icon to configure the Juniper Secure Connect application settings.

Figure 80 on page 85 shows an example of the Remote User page.

Figure 80: Remote User Page

Configure the remote user client by selecting the options on the Remote User page and then clicking
OK:

Table 11 on page 85 summarizes the remote user settings options.

Table 11: Remote User Client Settings Options

Default Profile: The Default Profile is enabled by default. If you do not want this profile to be the
default profile, click the toggle button.

If you enable Default Profile for the VPN connection profile, Juniper Secure Connect automatically
selects the default profile as the realm name (in this example: https://12.12.12.12/). In this
case, it is optional to enter the realm name in Juniper Secure Connect.

If you disable Default Profile for the VPN connection profile, you must enter the realm name along
with the gateway address (in this example: https://12.12.12.12/JUNIPER_SECURE_CONNECT) in
Juniper Secure Connect.

Connection Mode: To establish the client connection manually or automatically, select the appropriate
option.

• If you select Manual, then in the Juniper Secure Connect application, to establish a connection,
you must either click the toggle button or select Connection > Connect from the menu.
• If you select Always, then Juniper Secure Connect automatically establishes the connection.

Known Limitation:

Android device: If you select Always, then the configuration is downloaded from the first SRX device
used. If the configuration on that first SRX device changes, or if you connect to a new SRX device,
the configuration is not downloaded to the Juniper Secure Connect application.

This means that once you connect in Always mode using an Android device, any configuration changes
on the SRX device do not take effect in Juniper Secure Connect.

SSL VPN: To enable support for SSL VPN connections from the Juniper Secure Connect application to the
SRX Series devices, click the toggle button. Enabling SSL VPN gives the client flexibility in
connecting to the SRX Series devices. By default, SSL VPN is enabled.

Biometric authentication: This option is disabled by default. If you enable this option, when you click
Connect in Juniper Secure Connect, Juniper Secure Connect displays an authentication prompt.

This option allows users to protect their credentials using the operating system’s built-in
biometric authentication support.

Dead Peer Detection: Dead Peer Detection (DPD) is enabled by default. It allows the client to detect
that the SRX Series device is not reachable and to disable the connection until reachability is
restored.

Certificates: This option is enabled by default to configure certificate options.

• Expiry Warning—This option is enabled by default. When enabled, you receive a certificate
expiration warning on the Secure Connect client when the certificate is about to expire.
• Warning Interval—Enter the interval, in days, at which the warning is displayed.
• Pin Req Per Connection—This option is enabled by default. When enabled, you must enter the
certificate PIN for every connection.

EAP-TLS: EAP-TLS is enabled by default.

Windows Logon: This option allows users to log on to the local Windows system through an already
established VPN tunnel (using Windows Pre-Logon), so that the system is authenticated to the central
Windows domain or Active Directory.

5. Click Local Gateway to configure the Local Gateway settings.

Figure 81 on page 87 shows an example of the local gateway configuration settings.

Figure 81: Local Gateway Configuration

a. If you enable Gateway is behind NAT, a text box appears. In the text box, enter the NAT IP address.
Only IPv4 addresses are supported. The NAT address is the external address.

b. Enter an IKE ID in [email protected] format. For example, [email protected].

c. In the External Interface field, select the IP address that the clients connect to. You must enter
this same IP address (in this example: https://12.12.12.12/) in the Gateway Address field of the
Juniper Secure Connect application.

If you enable Gateway is behind NAT, then the NAT IP address becomes the gateway address.

d. From the Tunnel Interface drop-down list, select an interface to bind to the route-based VPN.
Alternatively, click Add. If you click Add, the Create Tunnel Interface page appears.

Figure 82 on page 88 shows an example of the Create Tunnel Interface page.



Figure 82: Create Tunnel Interface Page

The next available st0 logical interface number is displayed in the Interface Unit field, and you can
enter a description for this interface. Select the zone to add this tunnel interface to. If Auto-create
Firewall Policy (on the Create Remote Access page) is set to Yes, the firewall policy uses this zone.
Click OK.

e. From the Local certificate field, select one of your already externally signed local certificates. Click
Add to add a new local certificate or click Import to import the local certificate.

Figure 83 on page 89 shows a configuration example only.



Figure 83: Generate Certificate Page For Local certificate

f. For the CA certificate, from the Trusted CA/Group field, select one of your already externally
signed CA certificates, including the matching Trusted CA/Group. If you do not have any of these,
click Add CA Profile and fill in the values that match your environment. Figure 84 on page 90 shows
an example of the Add CA Profile page.

Figure 84: Add CA Profile Page

g. From the User Authentication drop-down list, select an existing access profile or click Add to
create a new access profile. If you click Add, the Create Access Profile page appears.

Figure 85 on page 91 shows an example of the Create Access Profile page.



Figure 85: Create Access Profile Page

Enter the access profile name. From the Address Assignment drop-down list, select an address pool
or click Create Address Pool. If you click Create Address Pool, the Create Address Pool page appears.

Figure 86 on page 92 shows an example of the Create Address Pool page.



Figure 86: Create Address Pool Page

• Enter the details for the Local IP pool that is in the VPN policy for the clients. Enter a name for
the IP address pool.

• Enter the network address that you use for the address assignment.

• Enter your DNS server address. Enter WINS server details, if required. Now click the add icon (+)
to create the address range to assign IP addresses to the clients.

• Enter the name, and the lower and higher limits. After entering the details, click OK.

Select the RADIUS check box if all the authentication details are stored on an external RADIUS
server.

• Click the add icon (+) to configure the RADIUS server details. See Figure 66 on page 76.

Figure 87: Create RADIUS Server Page

• Enter the RADIUS server IP address, the RADIUS secret, and the source address from which the RADIUS
communication is sourced. Click OK.

Under Authentication Order, select RADIUS from the Order 1 drop-down list. Click OK to complete
the access profile configuration.

Figure 88 on page 94 shows an example of Create Access Profile page.



Figure 88: Create Access Profile Page

h. From the SSL VPN Profile drop-down list, select an existing profile or click Add to create a new SSL
VPN profile. If you click Add, the Add SSL VPN Profile page appears.

Figure 89 on page 94 shows an example of the Add SSL VPN Profile page.

Figure 89: Add SSL VPN Profile Page

On the Add SSL VPN Profile page, you can configure the SSL VPN profile. Enter the SSL VPN profile
name in the Name field, and enable logging using the toggle, if required. In the SSL Termination
Profile field, select the SSL termination profile from the drop-down list. SSL termination is a process
in which the SRX Series device acts as an SSL proxy server and terminates the SSL session from the
client. If you want to create a new SSL termination profile, click Add. The Create SSL Termination
Profile page appears.

Figure 90 on page 95 shows an example of the Create SSL Termination Profile page.

Figure 90: Create SSL Termination Profile Page

• Enter the name for the SSL termination profile and select the server certificate that you use for
the SSL termination on the SRX Series devices. Click Add to add a new server certificate or click
Import to import the server certificate. The server certificate is a local certificate identifier. Server
certificates are used to authenticate the identity of a server.

• Click OK.

i. The Source NAT Traffic option is enabled by default. When Source NAT Traffic is enabled, all traffic
from the Juniper Secure Connect application is NATed to the selected interface by default. Click
the toggle button to disable the Source NAT Traffic option. If the option is disabled, you must ensure
that you have a route from your network pointing to the SRX Series devices for handling the return
traffic correctly.

j. Under Protected Networks, click the add icon (+) to select the networks that the Juniper Secure
Connect application can connect to.

Figure 91 on page 96 shows an example of the Create Protected Networks page.



Figure 91: Create Protected Networks Page

By default, any network (0.0.0.0/0) is allowed. If you configure a specific network, split tunneling
for the Juniper Secure Connect application is enabled. If you retain the default value, you can restrict
access to your defined networks by adjusting the firewall policy from the client network. Click OK, and
the selected networks are now in the list of protected networks. Click OK to complete the local gateway
configuration.

Figure 92 on page 97 shows an example of the successfully completed remote access configuration
with remote user and local gateway.

Figure 92: Complete Remote Access Configuration

IKE Settings and IPsec Settings are advanced options. J-Web is already configured with default
values for the IKE and IPsec parameters. It is not mandatory to configure these settings.

6. You can now find the URL for the remote users to connect to. Copy and store this URL for sharing with
your remote users. The /xxxx part is needed only if this configuration is not your default profile.

Figure 93 on page 97 highlights the URL that remote users must enter in the Gateway address field in
the Juniper Secure Connect application to establish the remote access connection.

Figure 93: Commit Remote Access Configuration

a. Click Save to complete the Juniper Secure Connect VPN configuration and the associated policy if you
have selected the auto policy creation option.

b. Click the highlighted Commit button (at the top right of the page, next to the Feedback button) to
commit the configuration.

Download and install the Juniper Secure Connect application on the client machine. Launch Juniper Secure
Connect and connect to the gateway address of the SRX Series device. You must also place the root CA
certificate and the user certificate in the appropriate directory location for the platform where
you’ve installed the Juniper Secure Connect application. See the Juniper Secure Connect User Guide for
more details.

RELATED DOCUMENTATION

Overview | 11
Local User Authentication Using Pre-shared Key | 35
External User Authentication Using RADIUS | 49
Certificate-Based Validation Using EAP-MSCHAPv2 Authentication | 64
Monitor Juniper Secure Connect | 100
CHAPTER 4

Monitor Juniper Secure Connect

Monitor Juniper Secure Connect | 100



Monitor Juniper Secure Connect

IN THIS SECTION

Check Junos OS Logs | 100

Check Juniper Secure Connect Application Logs | 102

In case of any issues, we recommend that you follow these steps to check the log messages and locate
the issue:

• Check the logs in Junos OS

• Check the logs in the Juniper Secure Connect application

Check Junos OS Logs

You must configure syslog to save the syslog file on your device. Currently, J-Web does not support
structured logs. Only unstructured logs are supported.

Depending on the syslog format (for structured logs) you configure in the system, you might not find the
log messages under Monitor > Events > System. Because of this, we recommend that you download the
"messages" file from Device Administration > Operations > Files and search for the event.

For the unstructured logs (in J-Web), to find information about the success or failure of authentication:

• For a Juniper Secure Connect application configuration download, search for "REMOTE_ACCESS".

• For a VPN connection, search for "KMD_".

The following figure shows the result of a "REMOTE_ACCESS" search:

Figure 94: "REMOTE_ACCESS" Search Results
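The same search, carried out offline over a downloaded "messages" file, as an added example that is not part of the original guide: it parses unstructured Junos syslog lines, keeps only the events whose tag starts with REMOTE_ACCESS or KMD_, and counts them by tag and by user. The sample lines, host names, addresses and the tag names after the two prefixes are constructed placeholders, not real Junos message tags.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Layout of an unstructured Junos syslog line as it appears in the "messages"
# file downloaded from Device Administration > Operations > Files:
#   Mon dd hh:mm:ss  hostname process[pid]: TAG_NAME: free text
UNSTRUCTURED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+"
    r"(?P<proc>[\w.-]+)(?:\[(?P<pid>\d+)\])?:\s+"
    r"(?P<tag>[A-Z][A-Z0-9_]*):\s+"
    r"(?P<msg>.*)$"
)

# Tag prefixes the guide says to search for: configuration downloads by the
# Juniper Secure Connect application, and IKE/IPsec events from kmd.
SEARCH_PREFIXES: Tuple[str, ...] = ("REMOTE_ACCESS", "KMD_")

# Constructed sample of a messages file. Hosts, users, addresses and the tag
# names after the two prefixes are placeholders, not real Junos tags.
SAMPLE_MESSAGES = """\
Nov 10 09:01:12  srx-gw rmopd[1402]: RMOPD_EXAMPLE_EVENT: unrelated daemon message
Nov 10 09:02:03  srx-gw httpd[1550]: REMOTE_ACCESS_EXAMPLE_DOWNLOAD: config download for realm JUNIPER_SECURE_CONNECT user alice from 198.51.100.7
Nov 10 09:02:05  srx-gw kmd[2086]: KMD_EXAMPLE_SA_UP: IKE SA established for user alice remote 198.51.100.7
Nov 10 09:05:44  srx-gw kmd[2086]: KMD_EXAMPLE_AUTH_FAIL: authentication failed for user bob remote 203.0.113.9
Nov 10 09:05:45  srx-gw kmd[2086]: KMD_EXAMPLE_AUTH_FAIL: authentication failed for user bob remote 203.0.113.9
this line is not a syslog record at all
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one unstructured syslog line into its fields, or return None if
    it does not match the layout (for example a wrapped continuation line)."""
    m = UNSTRUCTURED_RE.match(line.rstrip("\n"))
    if not m:
        return None
    fields = m.groupdict()
    fields["pid"] = fields["pid"] or ""
    return fields


def find_events(text: str, prefixes: Tuple[str, ...] = SEARCH_PREFIXES) -> List[Dict[str, str]]:
    """Return the parsed records whose tag starts with one of the prefixes,
    in file order. Unparsable lines are skipped rather than raising."""
    events = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["tag"].startswith(prefixes):
            events.append(rec)
    return events


def count_by_tag(events: List[Dict[str, str]]) -> Dict[str, int]:
    """Count events per tag, so repeated failures stand out at a glance."""
    return dict(Counter(rec["tag"] for rec in events))


def users_seen(events: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map each user named in the free text ("user <name>") to the tags seen
    for that user. The "user <name>" phrasing is part of the constructed sample."""
    seen: Dict[str, List[str]] = {}
    for rec in events:
        m = re.search(r"\buser (\S+)", rec["msg"])
        if m:
            seen.setdefault(m.group(1), []).append(rec["tag"])
    return seen


if __name__ == "__main__":
    evs = find_events(SAMPLE_MESSAGES)
    for rec in evs:
        print(f'{rec["ts"]} {rec["proc"]} {rec["tag"]}: {rec["msg"]}')
    print(count_by_tag(evs))
    print(users_seen(evs))
```

Run it against a real downloaded messages file by replacing SAMPLE_MESSAGES with the file contents; the tag prefixes are the ones named in the text above.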

By default, J-Web displays warning and error messages. If you want to view info level messages, change
the syslog configuration using CLI. Table 12 on page 101 lists the supported log levels:

Table 12: Syslog Severity Levels

alert: Indicates conditions that require immediate correction, such as a corrupted system database.

any: Indicates all log levels.

critical: Indicates critical conditions, such as hard drive errors.

emergency: Indicates system panic or other conditions that cause the routing platform to stop
functioning.

error: Indicates standard error conditions.

info: Only informational messages.

none: No messages.

notice: Indicates conditions that should be handled specially.

warning: Indicates conditions that warrant monitoring.

You can view the stream (traffic or Routing Engine) logs by navigating to the Monitor > Events > IPsec
VPN page.

Check Juniper Secure Connect Application Logs

IN THIS SECTION

Windows | 102

macOS | 108

Android | 111

Windows

Following are the steps to check the Juniper Secure Connect application logs on a Windows device:

1. The log is continuously active in the background, even if the log window is not open. All the relevant
Juniper Secure Connect communication events are displayed and saved in a log file, one file per
operating day, for one week. Files older than seven online days are automatically deleted.

The log file is generated automatically in the Log folder under the installation directory when the
communication process is completed. The log file is named in NCPyymmdd.LOG format, where yy=year,
mm=month, and dd=day. Select Help > Logbook to view the log messages on the Logbook page.

You can change the storage time for log files using the Extended Log Settings option. You can open
and analyze the log files using a text editor.

Figure 95: Logbook Menu Option

Figure 96: Log Message Display



2. From the menu bar, click Help and then select Extended Log Settings.

Figure 97: Extended Log Settings Menu Option

3. Enable all options by selecting all the check boxes, and then click OK.

Figure 98: Extended Log Settings



4. Open the logbook and check for any log messages that indicate the problem. If you cannot resolve
your issue based upon the log messages, start the Support Assistant by clicking Help and then selecting
Support Assistant. The Support Assistant collects all the required data.

Figure 99: Support Assistant Menu Option

5. Click Add to attach any additional files, and then click Next. The Save archive file page opens.

Figure 100: Save Archive File



Figure 101: Log Files List

6. Select the Only create the archive file option button. Then, click Next.

Figure 102: Create Only Archive File

After the archival process is completed, Juniper Secure Connect displays the archived file location.

Figure 103: Successful Creation of Log Files Archival

7. Click Finish.

macOS

Following are the steps to check the Juniper Secure Connect application logs on a macOS platform:

1. Select Log > Logbook through the Juniper Secure Connect application menu to open the logbook.

Figure 104: Logbook Menu Option

Check for any log messages that indicate the problem.



Figure 105: Displaying Log Information

2. If you are not able to resolve the issue, save the log messages to a file named ncpmonlog.txt. Copy the
file /Library/Application Support/Juniper/SecureConnect/ncpphone.cfg to the same location where you saved
the logbook file.

3. To locate the ncpphone.cfg file, open the Finder, select Go in the menu bar, and at the same time hold
down the Option key on your keyboard.

Figure 106: Open File Library

The directory location where the Juniper Secure Connect files are saved is displayed.

Figure 107: Juniper Secure Connect Directory

Android

Following are the steps to check the Juniper Secure Connect application logs on an Android device:

In the Juniper Secure Connect application menu, click the three vertical dots at the top right corner and
select Log from the menu.

Figure 108: Juniper Secure Connect Application Screen

Figure 109: Log Menu Option

The log output window appears, displaying the log messages.



Figure 110: Displaying Log Information

RELATED DOCUMENTATION

Overview | 11
Local User Authentication Using Pre-shared Key | 35
External User Authentication Using RADIUS | 49
