Juniper Brings Best Of IPsec To SSL VPN Lineup
With the 5.0 version of Instant Virtual Extranet, the platform Juniper's SSL VPN family runs on, the vendor is adding a new dual-mode feature that can automatically switch between IPsec and SSL for transport.
The upgrade enables users of Juniper's NetScreen Remote Access and Secure Access SSL VPN appliances to first try IPsec as the transport mode, tapping the high-performance benefits of that protocol. However, if traffic is blocked because of service provider problems or Network Address Translation issues, the system can automatically fall back to SSL transport, said Vivian Ganitsky, director of the security products group at Juniper, Sunnyvale, Calif.
"Users are never going to get blocked. They will always have some sort of access," Ganitsky said.
By building dual transport capabilities into its SSL VPN line, Juniper is providing the best of both worlds, said Steve Fuller, president and CTO of Networks Group, a solution provider in Brighton, Mich.
The flexibility provided by such a hybrid solution could bring cost savings to customers as they decrease their reliance on separate IPsec infrastructures, Fuller said.
"The ability to do both IPsec and SSL transport on the same box is what's different," Fuller said. "I've had customers who deployed SSL but kept their IPSec infrastructure up and running, usually for a select subset of power users," Fuller said.
The upgrade also adds enhanced remediation capabilities to the Juniper Endpoint Defense Initiative (JEDI) that enable a network to propose fixes for devices that try to connect but do not meet security requirements, Ganitsky said.
Solution providers can add consulting or professional services around the new JEDI features, she said.
"There are opportunities for our partners to help customers think through how to set up their security policies," she said.
Pricing for Juniper's NetScreen Remote Access SSL VPN appliances starts at $4,000, while NetScreen Secure Access appliances start at $6,999.