Juniper SRX 11.1 – SSL VPN termination

20 06 2011

Just seen in the release notes for Junos 11.1 for branch SRX that it will terminate SSL VPNs from Pulse clients.  Now that’s a nice thing – but calls into question why I bought my Juniper SA.  I think the SA will do some degree of network access control (NAC) for me on the corporate wired LAN as well, but perhaps I can make do with the SRX for remote access.

The thing to watch out for is that you need to have a licence for remote access on the SRX to terminate Pulse clients there. It is billed as ‘dynamic VPN’ licences, but will apparently work for Pulse clients too.  If you’ve bought licences for SSL VPNs on your SA, you won’t be able to terminate these on your SRX unless you get different licences.

I need to try this out a bit further (when time allows) and report back, I think…



3 responses

8 07 2011

I think this is for desktop pulse clients, uses ipsec, not ssl. If you have info otherwise I’d love to see it and try it out myself.

19 07 2011

Yeah – I think you would need to have installed pulse using the MSI installer… I’ll give it a go and report my findings

22 02 2012

Yes, Junos Pulse supports SSL Termination (on to SA’s), IPSec termination onto SRX (Dynamic VPN) and integrates an 802.1x supplicant and WAN Acceleration into the single unified client. So, if you have an SA appliance then great….this gives you the ability to support lots of functionality beyond the Dynamic VPN support of the SRX…host checking etc.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: