Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] J-Web is not opening or Pulse Dynamic VPN client is not able to connect after SRX upgrade

0

0

Article ID: KB32401 KB Last Updated: 18 May 2018Version: 2.0
Summary:

This article discusses the root cause and solution for users who are not able to open J-Web or connect via the Pulse Dynamic VPN client when using lower version browsers or older operating systems.

Symptoms:

Users are not able to open J-Web or connect to the SRX device via the Pulse Dynamic VPN client in Junos OS versions 12.3X48-D55 and 15.1X49-D100 or later.

Example symptoms:

  • Pulse Dynamic VPN client not able to connect to the SRX device (Junos OS version 15.1X49-D100 and Windows 7 PC). The message "Your connection has failed" is reported on Pulse Secure.
     

 


Wireshark capture of the above connection when the Pulse client tries to connect with TLS1.0

 


Wireshark capture of the above connection when the Pulse client tries to connect with SSLv3


 
  • J-Web is not opening (SRX with Junos OS 15.1X49-D100 and Windows 7 PC). The message "This page can't be displayed" is reported:



 

Wireshark capture when J-Web is not opening due to the use of SSLv3 by the browser


 

Note: These clients are able to open J-Web and connect via the Pulse Dynamic VPN software to the SRX device that is running Junos OS versions earlier than 12.3X48-D55 and 15.1X49-D100. Why are they not able to connect after the SRX device is upgraded?

Cause:

As mentioned in PR1283812, on SRX Series devices, the TLS1.0, TLS1.1, and SSLv3 protocols are blocked because of reported security vulnerabilities. This change may affect users accessing J-Web and the Web Authentication GUI, or those using Dynamic VPN through the Pulse client, on older operating systems or lower version browsers where the TLSv1.2 protocol is not supported. This change affects Junos OS Release 12.3X48-D55, 15.1X49-D100, and all later SRX releases.

Solution:

Using an operating system or Internet browser that supports TLSv1.2 will resolve this issue and also avoid any security vulnerabilities. 

Windows 10 already supports TLSv1.2.

For Windows 7, the procedure to enable TLSv1.2 is documented by Microsoft here: https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in.

When the Windows 7 client is updated with the Microsoft update, J-Web works properly and connects to the SRX device with Junos OS version 15.1X49-D90. Note that for the changes to take effect, your PC may need to be rebooted or the Pulse client may need to be installed again.

 
 
Modification History:

2018-05-18: Added the following line to the Solution section: "Note that for the changes to take effect, your PC may need to be rebooted or the Pulse client may need to be installed again." Made other minor modifications (non-technical)

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search