What's New in Juniper Networks Secure Access (SA) SSL VPN Version 6.4




Product Bulletin

This document lists the new features available in Version 6.4 of the Secure Access SSL VPN product line. This document assumes familiarity with Juniper's IVE platform and the features of earlier releases up to version 6.3. The document is organized into five sections, each describing a different functional area.

I. UAC-SA Federation
II. Authentication and Access Control
III. Client Access Mode enhancements
IV. Enhanced Manageability and Deployment Flexibility
V. Endpoint Security
VI. SA4500FIPS and SA6500FIPS hardware platforms

UAC-SA Federation

Unified Access Control Secure Access Federation

Secure Access version 6.4 supports federation of user sessions between the Secure Access device and a Juniper Unified Access Control deployment (starting with UAC release 2.4). In many organizations where both a remote access solution and a Network Admission Control (NAC) solution have been deployed, remote access users frequently need to authenticate first into remote access, and then again into NAC in order to access the full range of protected resources. UAC-SA Federation adds the ability to seamlessly provision SSL VPN user sessions into UAC upon login, enabling a seamless end user experience in these types of environments. As Juniper is committed to supporting industry standards, UAC-SA Federation leverages an open standard from the Trusted Computing Group known as Interface for Metadata Access Protocol (IF-MAP).

Federation of the Secure Access and UAC products provides remote users seamless access to corporate resources which are protected by UAC policies. This enables remote users to access such resources with a single login.

Available on all Secure Access products and all Unified Access Control products.

Authentication and Access Control

Constrained Delegation and Advanced SSO Enhancements

In the area of web single sign-on through the Core Clientless access method, Secure Access 6.4 adds three new key enhancements: Kerberos SSO, NTLM v2 SSO and Kerberos Constrained Delegation. Both Kerberos and NTLMv2 SSO add new protocol support to existing Single Sign-On capabilities already provided by the Secure Access products. Constrained Delegation is a new functionality that allows organizations to completely eliminate the need to manage static passwords in their environments.

In recent years, many organizations have moved to strong authentication schemes such as One-Time Passwords (OTP) and X.509 Digital Certificates. One disadvantage of using these types of credentials in a clientless SSL VPN (or any proxy scenario) is that those credentials cannot be reused for SSO into backend resources and applications. Therefore, administrators must also collect static passwords from end users at login time to meet the need for SSO. Constrained Delegation (CD) changes that and finally allows organizations to free themselves from the time and expense associated with managing static passwords.

With CD, when a user logs in to Secure Access with a credential that cannot be proxied through to the backend server, the Secure Access device will retrieve a Kerberos Ticket on behalf of the user from the Active Directory Kerberos infrastructure. That ticket will be cached on the SA and throughout the session, when the user accesses Kerberos-protected applications, the SA will use the cached Kerberos credentials to log the user in to the application without prompting for a password.

Simplified User Experience: Remote access users can now seamlessly access corporate applications which require additional authentication via Kerberos or NTLM v2 protocols. The Secure Access appliance can automatically authenticate the remote user via Kerberos or NTLMv2 using user credentials, therefore avoiding the user having to enter credentials multiple times to access different applications.

Ease of security administration: Corporate application administrators can enable authentication and access control for their applications via Single-Sign-On mechanisms or Kerberos Constrained Delegation. This provides easy administration of security policies while still maintaining strong security for critical applications.

Support for Windows Domain Authentication through Windows Secure Access Manager (WSAM)

Windows Secure Application Manager (WSAM) in Secure Access 6.4 now supports the ability for a remote user's PC to authenticate to the Windows Domain. This will enable remote users to seamlessly log in to applications that support Integrated Windows Authentication.

With Secure Access 6.4, remote users can now access enterprise applications that use Integrated Windows Authentication through the WSAM access method. Such applications include Outlook, IIS-based web applications and remote file servers.

Support for Windows Server 2008 Applications

Secure Access 6.4 supports interoperability with Windows Server 2008 applications including Windows Terminal Services. This release also supports authentication and access control against Active Directory on Windows Server 2008.
Customers can seamlessly upgrade to Windows Server 2008 in their enterprises while their Secure Access products continue to support critical applications on Windows Server 2008.

The Secure Access products now support clientless access to Sharepoint 2007, Outlook Web Access 2007 and also Terminal Services access on Windows Server 2008.

Customers can use Active Directory on Windows Server 2008 to perform authentication and access control for their Secure Access deployments.

Client Access Mode Enhancements

Client Access: Enhanced Credential Provider support with Network Connect

Credential Provider integration with Network Connect introduced in version 6.2 has been enhanced to work with 64-bit Windows Vista in addition to the 32-bit version and also to integrate with smartcards for authentication. As Windows Vista 64-bit is gaining popularity, this is an essential feature for most customers. In addition, smartcards are used widely so that passwords need not be remembered for authentication.

Provides customers flexibility to choose the operating systems and authentication mechanisms best suited for their environment.

Client Access: Extensions to usage of DHCP servers with Network Connect

The DHCP server usage with Network Connect has been extended to allow for passing the DHCP options of DNS Server, DNS Domain, and NetBIOS server from the server to the client. In addition, customers will be able to pass name/value pairs as DHCP options to the server. Customers will also be able to configure multiple (up to 3) DHCP servers for backup purposes.

Provides customers an easy migration path from the traditional IPSec VPN clients to the SSL VPN based Network Connect by allowing for the familiar configuration options.

Host Checker for Network Connect and Windows Secure Application Manager Launchers

Customers can now leverage Host Checker functionality when using the standalone launchers of Network Connect and WSAM Access methods. Host Checker is now available for the standalone launchers of these access methods on Windows PCs. It is also available for WSAM on Windows Mobile platforms.

This enables customers to enforce endpoint security on both Windows desktops as well as Windows Mobile devices using the Host Checker functionality while using standalone client launchers.

Enhanced Manageability and Deployment Flexibility

XML Import/Export for Instant Virtual Systems (IVS)

Secure Access 6.4 extends programmatic support to configure and manage Instant Virtual Systems (IVS). This will enable Service Provider customers to integrate IVS management into their Operations Support Systems (OSS). It also enables Enterprises that use Instant Virtual Systems to leverage XML Import/Export capabilities for management of the individual Virtual Systems.

Service Provider customers can now manage Instant Virtual Systems on their Secure Access appliances through their own Operations Support Systems (OSS).

Customers can programmatically configure Instant Virtual Systems via XML, to create, edit and delete virtual systems on the Secure Access appliance.

Customers can dynamically import or export XML configurations for Instant Virtual Systems into the Secure Access appliance.

Enhanced Split Tunneling configuration for Network Connect Access Method

Customers can now configure a list of subnets or network hosts to be excluded from being tunneled through the Network Connect tunnel established between the remote desktop and the Secure Access appliance. In earlier releases, customers could only configure a list of subnets or hosts to be included in being tunneled through the Network Connect tunnel.

This additional method of configuring split tunneling in Network Connect provides increased flexibility to the customer in specifying which subnets or hosts are to be included or excluded from being tunneled.

Support proxy settings for download of virus signature and patch management files

The Secure Access SSL VPN Host Checker has been enhanced to allow for the configuration of a proxy server to be used to download Virus signature version monitoring and Patch Management Info monitoring files as many customers often use a proxy server to download frequent updates instead of downloading these updates directly from the Juniper Networks support site.

Provides flexibility to choose how customers want to update the connecting users' endpoints for host checks.

Endpoint Security

Auto-remediation of endpoints through SMS

Secure Access 6.4 now supports automatic remediation of non-compliant endpoints by updating software applications that do not comply to corporate security policies. Secure Access dynamically initiates an update of these software applications on the endpoint using the Microsoft SMS protocol.

Endpoints configured with SMS for software management typically poll for updates to software applications every 15 minutes (this time period is configurable). So when an endpoint remotely connects to the corporate network, it may have to wait up to 15 minutes before its software is updated as per latest corporate policies. This will prevent the endpoint from gaining full network access if the Secure Access is configured with a policy that requires software applications to have the latest updates. Secure Access 6.4 will now force the endpoint to update its software right after evaluating its software versions, so that the user does not have to wait for the next periodic software updates.

Improves productivity of remote users who will gain immediate access to the corporate network without having to wait for periodic updates of software applications.

Ensures compliance of remote endpoints to corporate security policies by facilitating an immediate remediation as soon as the endpoint connects to the corporate network.

Available on all Secure Access products and all Unified Access Control products.

SA4500FIPS and SA6500FIPS hardware platforms

SA6500FIPS and SA4500FIPS hardware platforms now available

Juniper's industry-leading SSL VPN solution now includes two new FIPS platforms: the SA6500FIPS and the SA4500FIPS. These new platforms include the same functionality available on the rest of the Secure Access products, but include a dedicated FIPS 140-2 Level 3 certified hardware security module which handles all cryptographic operations.

The SA4500FIPS is an enterprise-level, purpose-built hardened security appliance that supports up to 1000 simultaneous users. It can be clustered in pairs for increased throughput and seamless failover.

The SA6500FIPS is built to meet the needs of the most demanding and complex government agency and secure enterprise environments. The SA6500FIPS can support up to 3,500 simultaneous users as a standalone device, scaling up to 10,000 users in a 4 unit cluster. It features dual mirrored, hot swappable power supplies, dual hot swappable fans, and dual redundant hot swappable power-efficient power supplies (second power supply optional, DC power supplies available). A four-port 10/100/1000 copper interface card is standard (upgradeable to fiber), as is a gigabit dedicated management interface.

About Juniper Networks

Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at www.juniper.net.

Copyright 2009 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. JUNOS and JUNOSe are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.