Juniper SRX 11.1 – SSL VPN termination

20 06 2011

Just seen in the release notes for Junos 11.1 for branch SRX that it will terminate SSL VPNs from Pulse clients.  Now that’s a nice thing – but calls into question why I bought my Juniper SA.  I think the SA will do some degree of network access control (NAC) for me on the corporate wired LAN as well, but perhaps I can make do with the SRX for remote access.

The thing to watch out for is that you need to have a licence for remote access on the SRX to terminate Pulse clients there. It is billed as ‘dynamic VPN’ licences, but will apparently work for Pulse clients too.  If you’ve bought licences for SSL VPNs on your SA, you won’t be able to terminate these on your SRX unless you get different licences.

I need to try this out a bit further (when time allows) and report back, I think…