Wednesday, April 04, 2007

Juniper SSL VPN appliance

We are testing a Juniper SSL VPN SA-2000 appliance for 30 days. It was installed on Monday and I am impressed with what it can do. We are looking for a better VPN solution than our current one. Right now we use Check Point's SecureClient and we have to install that on all our remote users' laptops. This limits who can VPN into the office to only those with company laptops. With the SA-2000 we can have anyone VPN into the office.

Based on the flexibility of the device we can set up policies to allow different levels of access. I can set the device to do a hardware check, a user check or any combination of checks. For example, I have a hardware check on that scans the registry for company-named machines based on our naming convention. If that checks out fine, Network Connect will install. Network Connect is pretty much a VPN Java applet that creates an SSL tunnel over HTTP, giving you an IP from a pool and allowing you to have full network access. Now if the hardware check scans the registry and sees that you are not a company machine, you will not get Network Connect and will only get browser access to resources. All authentication is done via Active Directory, which is nice.

If you are a certain user that is not on a company machine you have more resources published to the SSL VPN home page. For example, if I log in I will get my intranet, terminal service, all mapped drives, meeting (like WebEx) and whatever other internal links that I want to add. If a regular user logs in I can have them only get Outlook Web Access and/or whatever resource they are working on internally.

I really like this solution as it is pretty much the one-stop shop for remote access. And the level of flexibility is great. It runs a hardened version of Linux; not sure which distro, but I can get into that some other time.

5 comments:

Vij said...

How about performance? How much performance degradation do you see with SSL VPN?

What I know about Juniper is it is too complex to configure...

Anonymous said...

The Juniper product is much more flexible and has more options than other products so it is a little more complex to configure. Performance is the same as IPSec.

Nocturnalis said...

@ Vij

So far it's only a handful of test users and there have been no complaints.

@ anonymous

This is what I am hearing as well. In fact, when the demo installer came on Monday I asked him how long it would take b/c my time is valuable LOL. He said from a few hours to a few days. O_o That all depends on what we want to do. As we were configuring it I could see exactly what he means by a few days. Everything we did we had 2 laptops testing. I was grilling him with questions and trying things here and there. I was getting carried away with what it could do and how we can use it.

Anonymous said...

You write very well.

Sam Wonder said...

ezTalks is the world's leading online video conferencing provider that offers up to 100 participants free to join an online meeting.