Recommended SA IVE Releases
Looking for a Juniper recommended IPSec VPN client that supports Netscreen, SSG, ISG and SRX?
Recommended SSL VPN firmware releases according to Juniper as of March 2011:
Recommended SSL VPN firmware releases according to Juniper as of March 2011:
Brief list of IVE firmware releases since 2008:
- 7.1R5.0
- 7.0R8.1
- 6.5R11.0
- 6.4R8.0
- 6.3R8.0
- 6.2R7.0
- 6.1R8.0
- 6.0R14.0
- 5.5R7.0
- 5.4R7.1
- 7.1R5.0
- 7.0R8.1
- 6.5R11.0
- 6.4R8.0
- 6.3R8.0
- 6.2R7.0
- 6.1R8.0
- 6.0R14.0
- 5.5R7.0
- 5.4R7.1
Older platforms
There are still a couple of you out there running SA1000, SA3000 and SA5000 platforms. These are no longer able to run the most current versions of the code. Read the "What's new" notes on releases after 6.0 to see what features you're missing out on and then contact us to get your units upgraded. 6.0 is the last release to support these platforms.
Many of you are running the SA2000, SA4000 and SA6000 platforms, these have been replaced by the SA2500, SA4500 and SA6500 platforms. SA700 users (previously known as RA500) are still current platforms, but some newer features are not supported on the SA700 platforms.
It is extremely important to keep support contracts current on EOL and EOS equipment, a lapse in coverage may most likely mean that support cannot be reinstated!
There are still a couple of you out there running SA1000, SA3000 and SA5000 platforms. These are no longer able to run the most current versions of the code. Read the "What's new" notes on releases after 6.0 to see what features you're missing out on and then contact us to get your units upgraded. 6.0 is the last release to support these platforms.
Many of you are running the SA2000, SA4000 and SA6000 platforms, these have been replaced by the SA2500, SA4500 and SA6500 platforms. SA700 users (previously known as RA500) are still current platforms, but some newer features are not supported on the SA700 platforms.
It is extremely important to keep support contracts current on EOL and EOS equipment, a lapse in coverage may most likely mean that support cannot be reinstated!
7.1
- SharePoint 2010
- SAML 2.0
- ActiveX Self-Upgrade
- Mobile friendly SSL VPN login pages
- VMware View 4.x Support
- Citrix Web Interface 5.X support
- SAML 2.0
- ActiveX Self-Upgrade
- Mobile friendly SSL VPN login pages
- VMware View 4.x Support
- Citrix Web Interface 5.X support
7.0
- Support for Junos Pulse
- Multiple sessions per user
- Ability to present legal disclaimer pages before and after user authentication
- Support for Microsoft AJAX through the Rewriter (Core Access)
- Support for Outlook Web Access 2010 through the Rewriter (Core Access)
- RDP 7 support
- Embedded Java RDP Applet
- Ability to display banner messages to remote users
- Multiple sessions per user
- Ability to present legal disclaimer pages before and after user authentication
- Support for Microsoft AJAX through the Rewriter (Core Access)
- Support for Outlook Web Access 2010 through the Rewriter (Core Access)
- RDP 7 support
- Embedded Java RDP Applet
- Ability to display banner messages to remote users
6.5
-VDI Support Secure Access (SA) version 6.5 interoperates with VDI products, including VMWare’s View
Manager and Citrix’s XenDesktop, enabling administrators to deploy virtual desktops alongside the SA series of SSL VPN devices.
- Antispyware Support with Enhanced Endpoint Security (EES) Functionality
- Integrated WAN Acceleration (WX) Client Delivery
- ActiveSync Expansion
- Network Connect Client FIPS Certification
- User Record Synchronization
- RDP Launcher
- 2048-bit CSRs
- 64-bit platform support for Windows Secure Application Manager (WSAM)
Manager and Citrix’s XenDesktop, enabling administrators to deploy virtual desktops alongside the SA series of SSL VPN devices.
- Antispyware Support with Enhanced Endpoint Security (EES) Functionality
- Integrated WAN Acceleration (WX) Client Delivery
- ActiveSync Expansion
- Network Connect Client FIPS Certification
- User Record Synchronization
- RDP Launcher
- 2048-bit CSRs
- 64-bit platform support for Windows Secure Application Manager (WSAM)
6.4
- UAC-SA Federation
- Authentication and Access Control
- Client Access Mode enhancements
- Enhanced Manageability and Deployment Flexibility
- Endpoint Security
- SA4500FIPS and SA6500FIPS hardware platforms
- Authentication and Access Control
- Client Access Mode enhancements
- Enhanced Manageability and Deployment Flexibility
- Endpoint Security
- SA4500FIPS and SA6500FIPS hardware platforms
6.3
- Central Management of Policies and Secure Access SSL VPN appliances via Juniperʼs Network and Security Manager (NSM)
- Enhanced User Experience for Windows File Access Single Sign-On
- Enhanced User Experience for Windows File Access Single Sign-On
6.2
- Endpoint Security: Automatic Remediation, Pre-Defined Patch Management Checks, Pre-Defined Host Checker Policy Enhancements
- Endpoint Security/Enterprise Mobility – Windows Mobile Host Checker
- Enterprise Mobility - Clientless ActiveSync on Windows Mobile, JSAM and Core Access Support for Solaris 10
- Network Connect – Windows Vista Credential Provider, Bandwidth Management, Windows Client Reconnect Behavior, 256-bit AES Support
- Terminal Services - Citrix Published Application Support, Windows Server 2008 Support
- Streamlined Management – RADIUS Accounting NC Assigned IP Address
- Endpoint Security/Enterprise Mobility – Windows Mobile Host Checker
- Enterprise Mobility - Clientless ActiveSync on Windows Mobile, JSAM and Core Access Support for Solaris 10
- Network Connect – Windows Vista Credential Provider, Bandwidth Management, Windows Client Reconnect Behavior, 256-bit AES Support
- Terminal Services - Citrix Published Application Support, Windows Server 2008 Support
- Streamlined Management – RADIUS Accounting NC Assigned IP Address
6.1
- Endpoint Security – In order to keep pace with newer operating systems, this release includes support for Secure Virtual Workspace (SVW) on Windows Vista
6.0
- Support Trusted Network Connect (TNC) Standards on Host Checker
- Host Checker Support for Machine Certificate Authorization Juniper has extended Host Checker to now include support for X.509
- Extended custom endpoint assessment capabilities to include checks for Mac address and NETBIOS
Support for OWA, Sharepoint, and Office 2007 through the Core Access Method
- MySecureMeeting adds support for Reservationless, Fixed-URL Secure Meeting deployments.
- Citrix Terminal Services (CTS) – Intelligent Client Delivery and SSO
- CTS Proxy Auto-Client Reconnect and Session Reliability
- ICA Client Policy-Based Access Control
- Terminal Services RDP/JICA Fallback
- Windows Terminal Services Session Directory Support (session persistence)
- Standalone WSAM Launcher for Windows Mobile Devices
- Clientless File Browsing on Windows Mobile
- Seamless Roaming Support for WSAM on Windows Mobile
- MSI Packaging for Installer Service
- Host Checker Support for Machine Certificate Authorization Juniper has extended Host Checker to now include support for X.509
- Extended custom endpoint assessment capabilities to include checks for Mac address and NETBIOS
Support for OWA, Sharepoint, and Office 2007 through the Core Access Method
- MySecureMeeting adds support for Reservationless, Fixed-URL Secure Meeting deployments.
- Citrix Terminal Services (CTS) – Intelligent Client Delivery and SSO
- CTS Proxy Auto-Client Reconnect and Session Reliability
- ICA Client Policy-Based Access Control
- Terminal Services RDP/JICA Fallback
- Windows Terminal Services Session Directory Support (session persistence)
- Standalone WSAM Launcher for Windows Mobile Devices
- Clientless File Browsing on Windows Mobile
- Seamless Roaming Support for WSAM on Windows Mobile
- MSI Packaging for Installer Service
5.5
- All Secure Access features are supported on Microsoft Vista IVE 5.5 with some minor exceptions
5.4
- Resource Profile Templates for Outlook Web Access, iNotes & Sharepoint
- Anti-Virus Signature File Version Monitoring
- Endpoint Security Assessment Plug-in Updates
- Win Mobile 5.0 Pocket PC PDAs and Phones Support
- Intel based Macintosh Support
- Extended Platform Support: Firefox, Suse Linux, Fedora & Windows 2003
- Network Connect (NC) Command Line Launcher
- NC GINA Chaining
- Support Meeting (new type of Secure Meeting)
- Single Simultaneous Secure Meeting in Advanced License
- In Case of Emergency (ICE) License for Enabling Business Continuity with SSL VPN
- Anti-Virus Signature File Version Monitoring
- Endpoint Security Assessment Plug-in Updates
- Win Mobile 5.0 Pocket PC PDAs and Phones Support
- Intel based Macintosh Support
- Extended Platform Support: Firefox, Suse Linux, Fedora & Windows 2003
- Network Connect (NC) Command Line Launcher
- NC GINA Chaining
- Support Meeting (new type of Secure Meeting)
- Single Simultaneous Secure Meeting in Advanced License
- In Case of Emergency (ICE) License for Enabling Business Continuity with SSL VPN
5.3
- Resource Profile Templates
- Basic Configuration and Endpoint Security Task Guides
- Client Log Upload
- Enhanced Sharepoint Support
- Coordinated Threat Control with Juniperʼs Secure Access SSL VPN and Intrusion Detection and Prevention Products
- Basic Configuration and Endpoint Security Task Guides
- Client Log Upload
- Enhanced Sharepoint Support
- Coordinated Threat Control with Juniperʼs Secure Access SSL VPN and Intrusion Detection and Prevention Products
Complimentary solutions and products
- SSL offload, GSLB (we offer high performance load balancers to augment the SSL VPN)
- Cluster unit (add availability and redundancy with a second SSL VPN appliance)
- Centralized Juniper management (one software or appliance solution to now also manage SSL VPN)
- Enhanced reporting (great for more compliance needs)
- Logging solutions
- WAN acceleration client deployment
- IPSec VPN client
- SSL offload, GSLB (we offer high performance load balancers to augment the SSL VPN)
- Cluster unit (add availability and redundancy with a second SSL VPN appliance)
- Centralized Juniper management (one software or appliance solution to now also manage SSL VPN)
- Enhanced reporting (great for more compliance needs)
- Logging solutions
- WAN acceleration client deployment
- IPSec VPN client
Following is a partial short list of some recent features you may not be aware of:
H1N1 and SSL VPN
Remember that H1N1 can hit without warning. Juniper offers an ICE (In Case of Emergency) license that can be added to your existing appliance for additional users (SA4xxx and SA6xxx) only OR be used to get a lower cost additional unit at your main facility or DR site to handle a surge license need. These are a fraction of the cost that would normally be required. A SA4xxx solution can be used for 1,000 concurrent users while a SA6xxx can handle 10,000 concurrent users.
Microsoft SharePoint
Don't forget that the SSL VPN appliance can be used to secure and authenticate your SharePoint applications! SharePoint is a demanding application, performance tweaks will be required so that caching can be used to overcome the intense data requirements and impacts that it has on the Juniper content intermediation (rewriter) engine.
WAN acceleration
Juniper WXC platforms now support software WAN acceleration clients to substantially improve remote user WAN experience across slow bandwidth or high latency circuits. This is big! Plus, with SSL VPN, the client download is automated and integrated.
Network Connect
Just a friendly reminder from before, Network Connect for several recent versions now will automatically attempt an IPSec connection first for better performance, if that fails, it will fallback to a pure SSL based connection. IPSec is more efficient connection offering better performance. In order to get the performance advantage and get rid of the fallback delay, any firewalls along the path must allow IPSec traversal (UDP pot 4500). Enable the protocol to make sure Network Connect is being as efficient as possible. It is possible to check logs and determine what protocol Network Connect users are being established with.
Secure Meeting
It depends upon your firmware and licenses, but most of you that didn't purchase Secure Meeting should still have the ability to do one meeting with two users, this is perfect for remote IT support or Help Desk oriented tasks. Make sure to enable it on an IT or Help Desk roles and give it a try.
RDP Launcher
Great way to avoid creating bookmarks for every single individual desktop user.
Coordinated Threat Control
SSL VPN can work in conjunction with Juniper's IDP solution for inspecting traffic coming from remote clients to help keep your network safe from remote users and allowing the SSL VPN to disable insecure individual users and systems.
H1N1 and SSL VPN
Remember that H1N1 can hit without warning. Juniper offers an ICE (In Case of Emergency) license that can be added to your existing appliance for additional users (SA4xxx and SA6xxx) only OR be used to get a lower cost additional unit at your main facility or DR site to handle a surge license need. These are a fraction of the cost that would normally be required. A SA4xxx solution can be used for 1,000 concurrent users while a SA6xxx can handle 10,000 concurrent users.
Microsoft SharePoint
Don't forget that the SSL VPN appliance can be used to secure and authenticate your SharePoint applications! SharePoint is a demanding application, performance tweaks will be required so that caching can be used to overcome the intense data requirements and impacts that it has on the Juniper content intermediation (rewriter) engine.
WAN acceleration
Juniper WXC platforms now support software WAN acceleration clients to substantially improve remote user WAN experience across slow bandwidth or high latency circuits. This is big! Plus, with SSL VPN, the client download is automated and integrated.
Network Connect
Just a friendly reminder from before, Network Connect for several recent versions now will automatically attempt an IPSec connection first for better performance, if that fails, it will fallback to a pure SSL based connection. IPSec is more efficient connection offering better performance. In order to get the performance advantage and get rid of the fallback delay, any firewalls along the path must allow IPSec traversal (UDP pot 4500). Enable the protocol to make sure Network Connect is being as efficient as possible. It is possible to check logs and determine what protocol Network Connect users are being established with.
Secure Meeting
It depends upon your firmware and licenses, but most of you that didn't purchase Secure Meeting should still have the ability to do one meeting with two users, this is perfect for remote IT support or Help Desk oriented tasks. Make sure to enable it on an IT or Help Desk roles and give it a try.
RDP Launcher
Great way to avoid creating bookmarks for every single individual desktop user.
Coordinated Threat Control
SSL VPN can work in conjunction with Juniper's IDP solution for inspecting traffic coming from remote clients to help keep your network safe from remote users and allowing the SSL VPN to disable insecure individual users and systems.