Juniper Brings Best Of IPsec, SSL To VPN Lineup

With the 5.0 version of Instant Virtual Extranet, the platform Juniper's SSL VPN family runs on, the vendor is adding a new dual-mode feature that can automatically switch between IPsec and SSL for transport.

The upgrade enables users of Juniper's NetScreen Remote Access and Secure Access SSL VPN appliances to first try IPsec as the transport mode, tapping its high-performance benefits. However, if traffic is blocked because of service provider or Network Address Translation issues, the system can automatically fall back to SSL, said Vivian Ganitsky, director of the security products group at Juniper, Sunnyvale, Calif. "Users are never going to get blocked. They will always have some sort of access," she said.

This flexibility could help customers cut costs as they decrease their reliance on separate IPsec infrastructures, said Steve Fuller, president and CTO of solution provider Networks Group, Brighton, Mich. "The ability to do both IPsec and SSL transport on the same box is what's different," Fuller said. "I've had customers who deployed SSL but kept their IPsec infrastructure up and running, usually for a select subset of power users."

The upgrade also adds enhanced remediation capabilities to the Juniper Endpoint Defense Initiative (JEDI) that enable a network to propose fixes for devices that try to connect but do not meet security requirements, Ganitsky said. "There are [service] opportunities for our partners to help customers think through how to set up their security policies," she said.