Wired Assurance
Group Based Policies for your campus fabric
You can now configure and apply Group Based Policies (GBPs) on switches for your campus fabric IP Clos deployments. GBPs enable you to achieve micro-segmentation in the network, giving you a practical way to create network access policies that are independent of the underlying network topology. The GBP configuration involves creating GBP tags and including them in switch policies. The GBP tags allow you to group users and resources. In a GBP, you match a user group tag to a resource group tag to provide the specified users access to the specified resources. GBP leverages the underlying VXLAN technology to provide location-agnostic endpoint access control, and allows you to implement consistent security policies across the enterprise network domains.
Only the following devices that run Junos Release 22.4R1 and later support GBPs: EX4400, EX4100, EX4650, QFX5120-32C and QFX5120-48Y.
You can configure GBPs through the switch configuration templates (Organization > Switch Templates) or from the switch dashboards (Switches > switch-name). The following image shows the GBP configuration sections in a switch template:
Updates to the software upgrade process
For the Juniper EX 2300, 3400, 4100, 4300 and 4400 switches running Junos 20.4 and above, we have optimized the image download step in the software upgrade process. This enhancement increases the image download speed. However, for the software upgrade to be successful, please ensure the following URL is added to the allowlist on the firewall.
cdn.juniper.net (TCP 443)
See also: Ports to enable on your firewall – Mist
Simplified Operations
Port Up/Down Notifications
The Mist portal now enables you to configure alerts and email notifications for the interface up and down events on specified ports of a switch or WAN Edge. To configure these alerts and notifications, do the following:
- Configure the port to support alerts.
  - To configure a WAN Edge port to support alerts, select the Enable “Up/Down Port” Alert Type checkbox in the LAN or WAN configuration section of the WAN Edge page (Organization > WAN Edge Templates).
  - To configure a switch port to support alerts, select the Enable “Up/Down Port” Alert Type checkbox on the Port Config tab in the Select Switches Configuration rule in the switch template (Organization > Switch Templates).
- On the Monitor > Alerts > Alerts Configuration page (see the image below), use the following checkboxes to enable alerts for the selected port.
  - Critical WAN Edge Port Up
  - Critical WAN Edge Port Down
  - Critical Switch Port Up
  - Critical Switch Port Down
SSO support for Premium Analytics
The Juniper Mist Premium Analytics now supports the single sign-on (SSO) capability that enables you to launch the reporting dashboards directly from the Mist portal, providing a seamless user experience. Premium Analytics is a subscription-based cloud service that provides end-to-end network observability and business intelligence to IT and line-of-business users. This service is accessible to users with Super User, Network Admin, Observer, Helpdesk, or Reporting roles. The Reporting role provides only restricted access to Premium Analytics and other reports. For the existing users, the alternative access to the reporting dashboards via premiumanalytics.mist.com continues to exist until further notice. Click Analytics to access the Premium Analytics page (shown below).
Import and export options for site-level PSKs are generally available
We have made the options to import and export the site-level pre-shared keys (PSKs) generally available to the Mist users. You require a Super User or Network Admin role to use these options. Click Site > Pre-shared Keys to access site-level PSKs.
Enhancements to the MSP portal
The MSP users can now view the audit logs for the activities performed from the MSP portal. As an MSP user, you can choose to view the audit logs linked to a single or multiple organizations, for a specific time range. You can also search the logs by using the admin name, admin email, or log message as the keywords. To access the audit logs, click MSP > Audit Logs. The following image shows a sample Audit Logs page for MSP users.
Also, we have made the subscription transfer process easier for the MSP users. The Transfer Subscriptions page now lets users filter the source and destination organizations quickly by using the new search filter. Just start typing the organization’s name into the search field for it to display the matching organizations in alphabetical order.
Support for tracking assets more accurately
We have now enabled the named assets to gravitate towards the wayfinding paths when they get within a few meters of those paths, providing a more accurate asset tracking experience to users. Wayfinding paths, equivalent to Google Maps and Roads, are designed to guide the assets along the path to a destination.
Guest Access with WPA3 Security Modes
We have made the ‘Guest Access with Mac Authentication Bypass’ WLAN security option available for the following additional WLAN security types:
- WPA3 Personal – WPA3+WPA2 Transition
- OWE
- OWE Transition
Search filter for Device Profiles
We have added a search bar on the Device Profiles page to help you filter profiles by a keyword.
WAN Assurance
Support for scheduling App-ID database installation for SSR and SRX devices
We have introduced support for scheduling site-level IDP or App-ID database installation for SSR and SRX WAN Edges.
You can set a scheduled time and day to perform device-side IDP or App-ID database installation. A daily option is also available. By default, sites have a daily 02:00 AM schedule based on the time zone set for the site.