Juniper SA Series SSL VPN Appliances
SSL VPN makes it possible to establish a secure Internet connection between an enterprise network and virtually any remote computer without the need for pre-installed client software. Unlike IPsec VPN or other Network Layer tunneling techniques that give remote users the same access rights they would have if they were attached locally, SSL VPN works at the Application Layer and allows network administrators to assign highly granular access rights dynamically, based not only on the identity of the remote user but also on the security profile of the remote computer.
SSL VPN relies on the SSL security protocol used in standard web browsers, so it works with virtually any desktop, laptop, PDA, or smartphone client, regardless of operating system. This makes it easy and safe to provide selective access to people who use 'untrusted' computers or Internet connections. These can include mobile workers, partners, clients, vendors, and even the general public. Juniper is one of the industry pioneers of SSL VPN and Juniper's SA Series of SSL VPN appliances is the market leader in this class of connectivity devices.
Benefits of SSL VPN include:
- Eliminates the cost and hassle of installing, configuring, and updating remote client software
- Allows businesses to offer more IT-based services to more employees, customers, partners, and venders
- Permits highly granular access control for endpoint devices that are not at a managed site
- Provides detailed auditing capabilities for easier compliance with HIPAA, SOX, and other regulatory standards
- Allows business continuity if a disaster requires key workers to use remote computers without IPsec VPN clients
Juniper's SA Series of SSL VPN appliances employ a hardened, purpose-built operating system designed exclusively to provide layered security for end-to-end protection spanning the endpoint client to the corporate network. Security features include:
Juniper's SA SSL VPN Services appliances include a wealth of features to streamline management and enhance user productivity such as dynamic access privilege management and comprehensive single sign-on. The Network and Security Manager (NSM) provides a centralized mechanism for configuring and managing SA Series appliances from a single location.
- Antimalware Endpoint Security: The SSL VPN appliance can dynamically download antimalware software to impose security on untrusted remote devices and protect endpoints and corporate resources from infection in real-time
- SMS Auto-remediation: Automatically fixes problematic endpoints by use Microsoft's SMS protocol to update software applications that are out of compliance with company security policies. Dynamically initiates an update of these software applications on the endpoint using Microsoft's SMS protocol
- Host Checker: Remote computers can be checked before and during a session to ensure a compliant security profile such as installed antivirus software and firewall, plus network managers can create custom checks such as verifying closed or open ports, authenticating files with MD5 hash checksums, and verifying registry settings and machine certificates.
- Cache Cleaner: Deletes all proxy downloads and temp files from the remote client at the end of each session so that no potentially sensitive information remains on the endpoint
- Policy-based Enforcement: Permits connections with extranet endpoint computers that run different security clients than the ones used by your network
- Kernel-level Packet Filtering and Secure Routing: Drops undesirable traffic prior to processing by the TCP stack, making sure that unauthenticated attempts at access such as denial of service attacks are screened
- Secure Virtual Workspace: A safe, isolated environment for remote sessions that provides encryption and manages access to printers and storage, ensuring that corporate data is removed from unprotected kiosks after a session
Juniper SA Models Supported by Progent
Juniper's SA Series SSL VPN Appliances cover a broad array of devices that address the needs of small and mid-size businesses, large enterprises, and Internet service providers. Juniper's software gives customers to establish highly granular access right rights to network resources based on user roles and groups. Progent's Juniper-certified consultants can help you design, manage, and troubleshoot SSL VPN solutions based on Juniper's AS Series of remote access appliances. Models within the SA Series SSL VPN product line supported by Progent include:
Juniper's entry-level SA700 SSL VPN appliance is designed for small companies who need an affordable way to give from 10 to 25 remote users secure access to the corporate network from any web browser. Available in a desktop or 1U rack-mountable form factor, the SA700 features two 10/100 Ethernet ports. Although the SA700 does not have the full feature set included with the higher-end SA Series appliances, it does include Juniper's Native Host Checker for verifying client integrity at the beginning and throughout the session, and Juniper's Cache Cleaner to erase at logout all proxy downloads and all temp files installed during the session.
Juniper's SA2500 SSL VPN appliance is designed for small to mid-size businesses-to-medium size enterprises, providing an affordable solution for remote access to the corporate network from any standard web browser. The SA2500 is packaged in a 1U rack mountable chassis with two 10/100/1000 Ethernet ports and supports up to 100 concurrent users on a single system or two-unit fault-tolerant cluster. Transparent failover capability gives the SA2500 enterprise-class fault-tolerance, and the SA2500's ability to use the same software as the high-end SA4500 and SA6500 allows smaller organizations to benefit from Juniper's most advanced SSL VPN solution.
The SA4500 is targeted at mid-size to large organizations and can support up to 1,000 concurrent users on a single system. The SA4500 is packaged in a 1U rack mountable chassis with two 10/100/1000 Ethernet ports and can be upgraded to include hardware SSL acceleration for better responsiveness during peak usage. Juniper offers In Case of Emergency (ICE) licenses for the SA4500 so that during an emergency a large number of additional users are permitted on the SSL VPN Appliance for a limited time.
The top-of-the-line SA6500 is designed for performance and high availability and targeted at major enterprises and service providers. The SA6500 can support up to 10,000 concurrent users on a single system and up to 30,000 concurrent users on a four-unit cluster. The SA6500 is packaged in a 2U rack mountable 19-inch chassis with four 10/100/1000 Ethernet ports plus one Ethernet management port. A 4-port SFP interface card is optional. Hot-swappable fans, power supply, and mirrored disks are standard, and a second power supply or DC power supply are available as an option.
Progent's Consulting Services for Juniper's SA Series of SSL VPN Appliances
Progent's Juniper-certified consultants can help you plan, deploy, manage, and troubleshoot Juniper's SA Series of SSL VPN appliances to create a secure, fast, easy-to-use, and dependable solution for remote access.
Progent's GIAC certified information assurance experts and CISA security experts can provide affordable online security vulnerability scanning and can also assist your organization to develop a comprehensive security strategy and design protection into your day-to-day processes. In addition, Progent can assist your organization to design and maintain comprehensive SIEM solutions for compliance with regulatory requirements for reporting security events.
Progentís Technical Response Center (TRC) can provide urgent remote troubleshooting for Juniper products and offers quick access to a Juniper-premier network expert.
Call or Email Progent for Juniper Networks Consulting Services
If you want engineering support or troubleshooting for Juniper security systems, call Progent at 800-993-9400 or go to Contact Progent.