SSL VPN
Reply
Contributor
malik1
Posts: 164
Registered: ‎11-14-2009
0

Queries Regarding SA6500

Hello Community

 

Can some one please answer my queries regarding SA6500

 

Queries are as follows

 

1-what is the recommended OS version of SA6500 nowadays? Keeping in view it needs to be integrated with Win Active Directory

 

2-how many static route entries SA6500 box can support, is there any limit? can we put 1000+ static entries?

 

3-can we configure SA6500 to send log information using MGMT interface to STRM?

 

4-does virtual ports means VLAN IDs?

 

5-when configuring for clientless operation (non-NC client) which IP address become the source IP when accessing a webserver or FTP server? internal interface IP or the IP address of the user machine?

 

Thanks & Regards

Malik

 

Moderator Moderator
Moderator
SVK
Posts: 188
Registered: ‎08-22-2011
0

Re: Queries Regarding SA6500

Hi Malik,

 

Please find answers inline

 

1-what is the recommended OS version of SA6500 nowadays? Keeping in view it needs to be integrated with Win Active Directory

 The recommended version currently would be 7.1R6

 

2-how many static route entries SA6500 box can support, is there any limit? can we put 1000+ static entries?

  I dont think this would be good design

 

3-can we configure SA6500 to send log information using MGMT interface to STRM?

Once you enable the Management Port capabilities, specific types of management traffic

are sent over the management port:

• Syslog traffic

• SNMP traps

• SNMP queries

• NTP traffic

• FTP/SCP archive traffi

 

4-does virtual ports means VLAN IDs?

No

 

5-when configuring for clientless operation (non-NC client) which IP address become the source IP when accessing a webserver or FTP server? internal interface IP or the IP address of the user machine?

Internal interface IP of the SA

 

Hope this answers your queries

 

please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks

 

Regards,

Vijay

 

Contributor
malik1
Posts: 164
Registered: ‎11-14-2009
0

Re: Queries Regarding SA6500

Hello Vijay

 

Thank You very much.

 

For point 2 i further need your comments.

 

2-how many static route entries SA6500 box can support, is there any limit? can we put 1000+ static entries?
Ans- I dont think this would be good design


>>> the question was specific to that how many static route entries the box can handle.

further the reason behind is that we have four MPLS VRFs in which we want to provide access to the users. so we are thinking to create sub-interfaces on the outside interface and assign VLAN-IDs to it so that each VLAN connects the SA in four MPLS VRFs. The issue is that out of four VRFs one VRF contains 1000+ routes.
the another issue is that all the destination networks in the VRFs and even users IP addresses are from 10.0.0.0/8 range. we can assing 192.X or 172.X ranges over Network Connect Junos Pluse, but for clientless access the routing would be tricky.

note:we are not deploying the SA for Internet users rather we are deploying it for our internal organizational users

 

Thanks & Regards

Malik

Moderator
zanyterp
Posts: 2,263
Registered: ‎11-19-2007
0

Re: Queries Regarding SA6500

There is no limit to the number of routes you can choose to configure; the numbers you are quoting would not be easily manageable (as you are aware); however, there is nothing that would prevent this.

Virtual ports == virtual IPs == additional IP address on the same network. You can choose to do VLANs if desired as a separate sequence/access mechanism
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.