Mailing List Archive

OK so yesterday I heard from other Juniper sources that this is not really
recommended anymore... that Juniper acquired Pulse Secure years ago, but
later, got rid of the Pulse Secure company and no longer really recommends
this dynamic/remote access vpn solution... and furthermore, that Juniper is
actually coming out with a newer Remote Access VPN solution soon.... (I
heard 3Q2019). Does anyone know anything about this?

Perhaps I should just look at better remote access vpn solutions.

I'm replacing old HA Active/Standby ASA5520's, which have also been my
remote access appliance for getting into the network remotely.

I've heard Palo Alto are good.

-Aaron



_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Hi,

On Wed, Aug 14, 2019 at 08:52:28AM -0500, Aaron Gould wrote:
> Perhaps I should just look at better remote access vpn solutions.
>
> I've heard Palo Alto are good.

When testing, give some extra attention to double-stack behaviour.

While we're generally quite happy with Fortigate's SSL-VPN thingie,
their "double-stack" sucks big time - basically, it's two single-stack
VPN solutions bolted together. You connect over v4, you can only
reach v4 resources. You connect over v6, you can only reach v6
resources. Their support says "well, it is what is is, but you can
open a feature request" and our AM says "we do not see the business
case"...

So: test this before buying. You'll need v6 and v4/v6 interop one day.

gert

--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany gert@greenie.muc.de
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

I was not impressed with the Palo Alto VPN solution when I looked into it a
couple years ago.

I think it was designed to be an always-on VPN solution to protect
corporate devices that are on the road, which is not our use case.

They did not support all of the major platforms we needed at the time,
however it looks like they have added a lot in recent versions.

--
Eldon

On Wed, Aug 14, 2019, 07:52 Aaron Gould <aaron1@gvtc.com> wrote:

> OK so yesterday I heard from other Juniper sources that this is not really
> recommended anymore... that Juniper acquired Pulse Secure years ago, but
> later, got rid of the Pulse Secure company and no longer really recommends
> this dynamic/remote access vpn solution... and furthermore, that Juniper is
> actually coming out with a newer Remote Access VPN solution soon.... (I
> heard 3Q2019). Does anyone know anything about this?
>
> Perhaps I should just look at better remote access vpn solutions.
>
> I'm replacing old HA Active/Standby ASA5520's, which have also been my
> remote access appliance for getting into the network remotely.
>
> I've heard Palo Alto are good.
>
> -Aaron
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Haven't had any issues with Palo Alto GlobalProtect client OS support since at least 2017 (Windows, Mac, Ubuntu and a mix of mobile devices are all working fine). Performance and stability with both IPsec (slightly faster) and SSL has been fine as well. We are currently considering the use of client less GlobalProtect SSL portal to provide secure Jira access for remote users: https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-new-features/globalprotect-features/clientless-vpn#Thanks,AndrewSent from my Verizon, Samsung Galaxy smartphone
-------- Original message --------From: Eldon Koyle <ekoyle+puck.nether.net@gmail.com> Date: 8/16/19 7:05 PM (GMT-06:00) To: Aaron Gould <aaron1@gvtc.com> Cc: Juniper List <juniper-nsp@puck.nether.net> Subject: Re: [j-nsp] SRX dynamic vpn with Pulse Secure client - MacOS Apple laptop not working I was not impressed with the Palo Alto VPN solution when I looked into it acouple years ago.I think it was designed to be an always-on VPN solution to protectcorporate devices that are on the road, which is not our use case.They did not support all of the major platforms we needed at the time,however it looks like they have added a lot in recent versions.-- EldonOn Wed, Aug 14, 2019, 07:52 Aaron Gould <aaron1@gvtc.com> wrote:> OK so yesterday I heard from other Juniper sources that this is not really> recommended anymore... that Juniper acquired Pulse Secure years ago, but> later, got rid of the Pulse Secure company and no longer really recommends> this dynamic/remote access vpn solution... and furthermore, that Juniper is> actually coming out with a newer Remote Access VPN solution soon.... (I> heard 3Q2019).  Does anyone know anything about this?>> Perhaps I should just look at better remote access vpn solutions.>> I'm replacing old HA Active/Standby ASA5520's, which have also been my> remote access appliance for getting into the network remotely.>> I've heard Palo Alto are good.>> -Aaron>>>> _______________________________________________> juniper-nsp mailing list juniper-nsp@puck.nether.net> https://puck.nether.net/mailman/listinfo/juniper-nsp>_______________________________________________juniper-nsp mailing list juniper-nsp@puck.nether.nethttps://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp