Athena NGFW (Next-Generation Firewall)

Athena NGFW (previously known as Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.
{{ $t('productDocDetail.guideClickSwitch') }}
{{ $t('productDocDetail.know') }}
{{ $t('productDocDetail.dontRemind') }}
8.0.107
Athena NGFW (Next-Generation Firewall) {{ breadTitle }} User Manual Network Sangfor/IPSec VPN IPsec VPN Tunnel Between Athena NGFW and Juniper (Route Mode) Procedures Configure the Juniper Firewall
{{sendMatomoQuery("Athena NGFW (Next-Generation Firewall)","Configure the Juniper Firewall")}}

Configure the Juniper Firewall

{{ $t('productDocDetail.updateTime') }}: 2026-04-29

Steps

Step 1.Configure the interface IP addresses.

You can leave the IP addresses of tunnel interfaces empty. These IP addresses must be configured only if they serve as business IP addresses or an OSPF/BGP connection needs to be established with the peer end.

Step 2.Configure a default route to connect to the Internet.

Step 3.Configure a security policy to allow business traffic from zones associated with the Internet-facing interface, internal-facing interface, and tunnel interface.

To facilitate testing, traffic from all zones is allowed. In actual scenarios, allow traffic based on your business needs.

Step 4.Configure a gateway.

The following figure shows the advanced settings.

In the advanced settings, the local ID is configured. Make sure that the local ID on the Athena NGFW firewall is set to FQDN. Juniper supports only the following two ID types: ADDR and FQDN.

Step 5.Configure an IKE gateway.

The following figure shows the advanced settings.

The following two figures show how to configure the proxy ID. We recommend that you use the default settings.

Step 6.Configure a route to route traffic to the tunnel interface.