Juniper is supporting both IPSec and SSL in its NetScreen security gateways, making it possible to use the more appropriate VPN technology depending on circumstances.
Unlike other IPSec implementations, this requires no IPSec client software on remote machines, lifting one of the main objections to IPSec. Many customers find installing and maintaining the clients to be more time consuming than they can afford.
Juniper says its IPSec transport agent creates less delay than SSL, so it is the default. But in cases where network address translation or firewalls set up by another business interfere, the agent uses SSL instead.
This blending of the two technologies can be good for customers looking for the optimal connection. It is also a plus that the end user doesn't have to do anything about picking which one to use, a situation that would inevitably result in a spike in help desk calls.
The same software upgrade that supports the dual VPN technologies also adds XML rewrite capabilities to the NetScreen gateways. This makes it more likely that the gateways can provide SSL access to XML-based content.
Juniper is also adding features to its software that checks whether remote devices meet security policies before admitting them to a VPN. The NetScreen gear had this capability before, but now it can automatically respond to policy shortcomings in more ways. For example, it can direct the device to a Web site where it can get updates to bring it into compliance and then run the compliance check again.
This new release brings some substantive changes to the Juniper platform that warrant checking out by potential customers shopping for remote access VPN gear.