SRX

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX300 w/JunOS 22.4 Dynamic VPN w/PulseSecure Initial Config

    Posted 11-27-2023 16:30
    Edited by spuluka 12-24-2023 06:07

    SOLVED: Ok - I have things working. I'm simply appalled at the bad branding choices and lack of documentation both accurate and/or up-to-date. Even with a JTAC case, I was pointed to documentation filled with errors and issues. Poor Juniper. Ever bad sentence of documentation is another JTAC case. I wonder if the heads of Juniper understand this. <that's kind of a rhetorical statement>

    UPDATE: I'm a lot closer - I found this video which explains the missing piece of what I was looking for - although the config still doesn't work.  but I am closer. I wish Juniper would their knowledgebase better organized. I know when I work on FPGAs (my normal day job... sort of) I can tell the Xilinx doc library tool I want a specific version of IDE in my search results and it does that. I'm not seeing where to do that with the Juniper Knowledgebase and the results I get are for older versions with invalid bits of information.

    Add'l UPDATE: Been talking with JTAC about this. Hilariously, Juniper sales/marketing has decided to move from supporting "PulseSecure" to (wait for it) "PulseSecureConnect" -- so if anyone else is chatting with JTAC, make sure to specify which one because there's been a mass branding fail to differentiate the current product vs the retired project. File under: "Wow. Just wow."

    Hey all, 

    I'm configuring a new SRX300 and everything else is done except for the dynamic VPN users which will be using Pulse Secure. 

    Looks like the syntax of the config has changed (again) and I'm struggling to find a good link describing what to do under 22.4 vs previous versions.
    (I have working configs from prior versions too. But, those examples are deprecated because of the new config syntax)

    I already have the Let's_Encrypt up and running (also Juniper's example isn't verbose enough to explain some of the details and their example doesn't work on its own).
    When I go to the Network -> VPN -> IPsec VPN -> Create VPN (Pulse Secure), I'm presented with options that don't feel like they will accomplish what I want nor are some the fields explained well enough that I'm confident I'm entering the right information or if information needs to be entered at all. 

    So I'd love if someone has a link to Juniper docs for THIS version (because it's so different) which hopefully includes some CLI commands to demonstrate a working template example -- cause I'm not finding it. 

    I even downloaded the CLI reference PDF from 2023-Jun-something and it's no help. Google doesn't help because the examples aren't for this version and thus too different. 
    Navigating Juniper's knowledge base won't let me lock in to version 22.4 ONLY results. 

    Thanks in advance, 

     -Ben




    ------------------------------
    Ben Kamen
    ------------------------------



  • 2.  RE: SRX300 w/JunOS 22.4 Dynamic VPN w/PulseSecure Initial Config

    Posted 11-28-2023 00:33

    Hi,

    As per im understand Pulse Secure client no longer support in SRX start some junos version.

    Thanks




  • 3.  RE: SRX300 w/JunOS 22.4 Dynamic VPN w/PulseSecure Initial Config

    Posted 11-28-2023 11:38

    If they are, I don't know why they bought back the PulseSecure client (I thought I read somewhere) and have added a specific setup wizard (which didn't work for me) in the latest version of JunOS. 

    Also, I found a video from a year ago specifically outlining setting up using that wizard. 

    Also - this client just bought the SRX300 and Juniper has specifically changed the dialup/dynamic licensing from a permanent license upgrade to a yearly upgrade that comes with Pulse Secure client support (as part of the license). I guess this is their way of paying for continued client software development. 

    Cheers, 

     -Ben



    ------------------------------
    Ben Kamen
    ------------------------------



  • 4.  RE: SRX300 w/JunOS 22.4 Dynamic VPN w/PulseSecure Initial Config

    Posted 11-30-2023 01:16

    I'm going to go back to edit my initial subject to correct my shorthand/abbreviation.

    I've been talking to JTAC and the official word is Juniper no longer supports PulseSecure. They support "PulseSecureConnect".

    That has got to be one of the biggest marketing/sales/branding fails I think I have EVER seen in my life. 

    I just got the email hours ago and I'm still reeling from the pure marking/branding idiocy that brought that to being.  It can really make a person crabby.

    Just thought I'd mention it. 



    ------------------------------
    Ben Kamen
    ------------------------------



  • 5.  RE: SRX300 w/JunOS 22.4 Dynamic VPN w/PulseSecure Initial Config

    Posted 11-30-2023 01:17

    Hi Ben, 

    Juniper has moved away from the Pulse Secure Client to a Juniper Secure Connect Client.  This Client is available from the Juniper Downloads Portal (granted you have a support contract).

    Some stanzas in the Juniper Documentation cause the tunnel to fail, such as the SSL termination profile. Try removing these and testing again...

    I have built a Configuration Template for Juniper Secure Connect. This has been tested on SRX3XX and SRX4X00 series running versions 22.4 and 21.4. Compare against the configuration you have and you may find the culprit.

    https://github.com/thewhitehouse007/junos-config-templates

    This has been a long time coming and thanks for that final push to encourage me to post this repository publically. 

    Cheers



    ------------------------------
    GAVIN WHITE
    ------------------------------