Dynamic VPN; Flow and Processing - Juniper Junos OS 10.4 Release Notes

Changes in Default Behavior and Syntax in Junos OS Release 10.4 for SRX Series Services Gateways and J Series Services Routers
Copyright © 2010, Juniper Networks, Inc.
On SRX100, SRX210, SRX240, and SRX650 devices, the current Junos OS default
configuration is inconsistent with the one in Secure Services Gateways, thus causing
problems when users migrate to SRX Series devices. As a workaround, users should
ensure the following steps are taken:

- The ge-0/0/0 interface should be configured as the Untrust port (with the DHCP
  client enabled).
- The rest of the on-board ports should be bridged together, with a VLAN IFL and
  DHCP server enabled (where applicable).
- Default policies should allow trust->untrust traffic.
- Default NAT rules should apply interface-nat for all trust->untrust traffic.
- DNS/WINS parameters should be passed from server to client and, if not available,
  users should preconfigure a DNS server (required for download of security packages).

Dynamic VPN

Working with the Pulse client—Junos Pulse enables secure authenticated network
connections to protected resources and services over LANs and WANs. Junos Pulse is
a remote access client developed to replace the earlier access client called Juniper
Networks Access Manager. You must uninstall Access Manager before you install the
Junos Pulse client.
For SRX100, SRX210, SRX220, SRX240, and SRX650 devices running Junos OS Release
10.2 and later, Junos Pulse is supported but must be deployed separately. Users can
download and install the Pulse client manually from the Juniper support site.

Flow and Processing

For the flow session log on all SRX Series devices, policy configuration has been
enhanced. Information on the packet incoming interface parameter in the session log
for session-init and session-close, and when a session is denied by a policy or by the
application firewall, is provided to meet Common Criteria (CC) Medium Robustness
Protection Profiles (MRPP) compliance:

Policy configuration—To configure the policy for the session for which you want to
log matches as log session-init or session-close and to record sessions in syslog:

set security policies from-zone untrustZone to-zone trustZone policy policy13 match source-address extHost1
set security policies from-zone untrustZone to-zone trustZone policy policy13 match destination-address intHost1
set security policies from-zone untrustZone to-zone trustZone policy policy13 match application junos-ping
set security policies from-zone untrustZone to-zone trustZone policy policy13 then permit
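The session-init and session-close log actions that the policy above is meant to carry, together with a syslog destination and an explicit deny policy so that denied sessions are recorded as well, as an added example that is not taken from the release notes. It reuses the page's zone names, policy13, extHost1 and intHost1; the syslog file name traffic-log and the policy name deny-all-log are assumptions.

```junos
## Added example (not from the Juniper release notes). Zones, policy13,
## extHost1 and intHost1 come from the page; "traffic-log" and "deny-all-log"
## are names assumed for this example.

## Permit policy: log when the session is created and again when it closes.
set security policies from-zone untrustZone to-zone trustZone policy policy13 match source-address extHost1
set security policies from-zone untrustZone to-zone trustZone policy policy13 match destination-address intHost1
set security policies from-zone untrustZone to-zone trustZone policy policy13 match application junos-ping
set security policies from-zone untrustZone to-zone trustZone policy policy13 then permit
set security policies from-zone untrustZone to-zone trustZone policy policy13 then log session-init
set security policies from-zone untrustZone to-zone trustZone policy policy13 then log session-close

## Explicit catch-all deny, ordered after policy13 (policies are evaluated
## top to bottom). The implicit default deny produces no log entry, so denied
## sessions are only recorded if a deny policy carries session-init logging;
## session-close does not apply to a denied session, which is never created.
set security policies from-zone untrustZone to-zone trustZone policy deny-all-log match source-address any
set security policies from-zone untrustZone to-zone trustZone policy deny-all-log match destination-address any
set security policies from-zone untrustZone to-zone trustZone policy deny-all-log match application any
set security policies from-zone untrustZone to-zone trustZone policy deny-all-log then deny
set security policies from-zone untrustZone to-zone trustZone policy deny-all-log then log session-init

## Write the resulting RT_FLOW events to a local syslog file (event-mode
## logging, the branch SRX default). Use "set system syslog host <collector>"
## with the same match to forward them to a remote collector instead.
set system syslog file traffic-log any any
set system syslog file traffic-log match RT_FLOW_SESSION

## Verification after commit (operational mode):
##   show security policies from-zone untrustZone to-zone trustZone detail
##     policy13 should list "Session log: at-create, at-close"
##   show log traffic-log
##     RT_FLOW_SESSION_CREATE / RT_FLOW_SESSION_CLOSE entries for policy13 and
##     RT_FLOW_SESSION_DENY entries for deny-all-log, each carrying the
##     packet-incoming-interface field the release note refers to
```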