I am testing out the new Secure Connect VPN solution and I am curious about what is required from the security policy side.
I followed the instructions here to create the certificate and then use J-Web to configure the secure connect vpn.
Preparing Juniper Secure Connect ConfigurationSo I did get it working by creating a security policy from the Untrust zone to Junos-Host allowing IKE and HTTPS. My issue is the J-Web interface is now accessible from the public internet. Even though in my config I do not specify the untrust interface as part of the System>Services>Web-Management statement.
So im wondering how do I prevent the J-Web interface from being accessible from the untrusted side of the firewall? Do i need to create a different security policy?