Juniper Networks ScreenOS Firewall

To configure the tunnel in the Juniper Networks ScreenOS Management Portal:

  1. Log in to the Juniper Networks ScreenOS Management Portal with the Administrator account.

  2. From the left pane, go to Network > Interfaces.

  3. Create a new Unnumbered tunnel interface.

  4. From the left pane, go to Network > Routing > Source:

    1. Select an appropriate zone and click New.

    2. In the IP Address/Netmask field, enter the Harmony SASE network subnet.

    3. For Next Hop, select gateway.

    4. Click OK.

  5. From the left pane, click VPN:

    1. Select AutoKey Advanced.

    2. Verify that the P1 Proposal is listed as shown in the following graphic.

    3. Go to P2 Proposal and ensure the proposal is listed as shown in the following graphic.

  6. From the left pane, click Gateway:

    1. In the Gateway Name field, enter a name for the gateway.

    2. Select Remote Gateway and then select Static IP Address.

    3. In the IP Address/Hostname field, enter the public IP address of the Harmony SASE gateway.

    4. Click Advanced:

      1. In the Preshared Key field, enter the secret key specified in Configuring the Tunnel in the Harmony SASE Administrator Portal.

      2. In the Security Level section, select Custom and from the Phase 1 Proposal list, select pre-g5-aes256-sha1-28800s.

      3. Enable DPD and set DPD Interval to 10s and DPD Retry to 5s.

  7. From the left pane, click VPN > AutoKey IKE:

    1. In the VPN Name field, enter a name for the VPN. For example, Harmony SASE.

    2. Select Remote Gateway and then select Predefined.

    3. Select the AutoKey Advanced Gateway that you created in the previous step.

  8. From the left pane, click VPN > Advanced:

    1. In the Security Level section, select Custom and from the Phase 2 Proposal list, select g5-aes256-sha1-3600s.

    2. In the Bind to section, click Tunnel Interface and select the tunnel interface you created in step 3.

    3. Select the Proxy-ID Check checkbox.

  9. From the left pane, click VPN > AutoKey IKE and configure the Proxy ID with these details:

    Field             Enter
    Local Proxy ID    Your local LAN subnet. For example, 192.168.120.0/24.
    Remote Proxy ID   Harmony SASE network subnet. The default is 10.255.0.0/16.
    Service           Any
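
The proxy IDs on the two ends of the tunnel have to mirror each other for Phase 2 to come up, and the subnet entered in step 4 is the same Harmony SASE subnet used as the Remote Proxy ID in step 9. The following pre-flight check is an added example, not part of the Juniper or Harmony SASE documentation; the function names and the peer_local/peer_remote arguments (the selectors configured on the Harmony SASE side) are assumptions, and the sample values are the ones this page uses.

```python
"""Pre-flight check for the subnets entered in steps 4 and 9 (added example)."""
import ipaddress


def parse_network(label, text, problems):
    """Return text as a strict CIDR network, or record why it is not one."""
    try:
        # strict=True rejects host bits (192.168.120.1/24) as well as typos.
        return ipaddress.ip_network(text.strip(), strict=True)
    except ValueError as exc:
        problems.append(f"{label}: {text!r} is not a valid network ({exc})")
        return None


def check_selectors(local_id, remote_id, route_dst, peer_local, peer_remote):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    fields = {
        "Local Proxy ID": local_id,
        "Remote Proxy ID": remote_id,
        "Source route destination": route_dst,
        "Peer local selector": peer_local,      # hypothetical name for the SASE side
        "Peer remote selector": peer_remote,    # hypothetical name for the SASE side
    }
    nets = {name: parse_network(name, value, problems) for name, value in fields.items()}
    if problems:
        return problems
    local, remote = nets["Local Proxy ID"], nets["Remote Proxy ID"]
    route = nets["Source route destination"]
    # Overlapping selectors make it ambiguous which side owns an address.
    if local.overlaps(remote):
        problems.append(f"overlap: local {local} and remote {remote} share addresses")
    # Step 4 and step 9 both ask for the Harmony SASE network subnet.
    if route != remote:
        problems.append(f"route: step 4 destination {route} differs from Remote Proxy ID {remote}")
    # The peer's local/remote pair must be the reverse of the ScreenOS pair.
    if (local, remote) != (nets["Peer remote selector"], nets["Peer local selector"]):
        problems.append("mirror: peer selectors are not the reverse of the ScreenOS proxy IDs")
    return problems


if __name__ == "__main__":
    # Constructed sample: the page's example LAN and default Harmony SASE subnet.
    result = check_selectors("192.168.120.0/24", "10.255.0.0/16", "10.255.0.0/16",
                             "10.255.0.0/16", "192.168.120.0/24")
    for line in result or ["OK: proxy IDs and route are consistent"]:
        print(line)
```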