SSL VPN
Reply
Trusted Contributor
Jickfoo
Posts: 395
Registered: ‎11-06-2007
0
Accepted Solution

Junipers new Unified Client

Does anyone have any details about this? Apparently Juniper is working on a unified client which will work with the SSLVPN independant of switch code.

 

I'm curious if this will also work as a replacement to NS-Remote.

 

If anyone has any details please share..

 

Thanks,

Justin

Trusted Contributor
Mrkool
Posts: 248
Registered: ‎02-28-2008
0

Re: Junipers new Unified Client

i am not sure if any one is going to chime in here due to all the NDAs everyone has signed but i am pretty sure this is something on everyones list because i am not sure about you guys but i have over 5-6k users that do a full tunnel network connect and everytime i do a code update we have to update their clients so a static client that will work independent of code running on the SA will be very nice.
SA-6500 (7.3R3) Production
MAG 4610 (7.4) Lab
Trusted Contributor
Jickfoo
Posts: 395
Registered: ‎11-06-2007
0

Re: Junipers new Unified Client

bump.. Anyone.. Bueller ..
Trusted Contributor
Jickfoo
Posts: 395
Registered: ‎11-06-2007
0

Re: Junipers new Unified Client

Here's the final answer:  

 

"NC can not be independent of IVE’s base software release.  Once IVE code is updated, all connecting NC clients will be updated to match IVE’s code base."

 Looks like it will be this way forever. Justin
drf
Contributor
drf
Posts: 46
Registered: ‎09-23-2008
0

Re: Junipers new Unified Client

[ Edited ]
The only thing I have heard is that they are working on some new client. They need to remove the requirement that the server and client have the same version. We have areas in the company that go into a freeze and cannot do any software updates. We need to have a way to control the distribution of the client independent of the server version. I guess we will have to submit an enhancement request.
Message Edited by drf on 09-16-2009 12:52 PM
Contributor
syntaxian
Posts: 18
Registered: ‎09-29-2008
0

Re: Junipers new Unified Client

@drf:

 

If you can go to other sites and the host checker works it could be a conection missing from User Realm --> Authentication Policy -- Host Checker.

drf
Contributor
drf
Posts: 46
Registered: ‎09-23-2008
0

Re: Junipers new Unified Client

We are not using host checker. Basically we want to be able to upgrade the server OS and have absolutely no affect to the client components i.e. no NC auto upgrade. We want to push the NC version out using our own deployment tools. Our Desktop organization has strict rules on this.
Juniper Employee
tkolb
Posts: 10
Registered: ‎08-07-2009
0

Re: Junipers new Unified Client

Hi drf

 

As you already know, there is no option to turn off the auto upgrade of NC. The reason is that we can not provide backwards compatibility for older NC clients working with newer SA-OS versions because of changes in the code and features supported.

 

Regards

T.

Trusted Contributor
Jickfoo
Posts: 395
Registered: ‎11-06-2007
0

Re: Junipers new Unified Client

yet Cisco and every other SSLVPN Provider have seemed to make this work very nicely. tkolb, is that Juniper can't do it or that Juniper does not want to invest the time in it. This is a major flaw in the design of the Network Connect.

 

As someone stated earlier in the thread, to upgade the switch code, Network Connect Client Code and Host checker for 3000 users all on the same day is simply too much change. Fine for small operations but our Help-Desk cant handle that kind of call volume when things go wrong. (And things do go wrong during the upgrade.)

Contributor
DougR
Posts: 39
Registered: ‎01-08-2008
0

Re: Junipers new Unified Client

Backwards compatiblity and forwards compatiblity are two different issues.  Backwards should not be an issue for at least one or two versions.

 

This also becomes a major issue when conencting to multiple networks, or using a test network for new firmware.  Each connection requires the software to be re-installed over and over.  It is quite a hassle.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.