Published on 12/09/2008

Juniper Networks market leading SA Series SSL VPN Appliances ensure that remote and mobile employees, customers and partners have anytime, anywhere secure access to your corporate networks resources and applications.

Juniper Networks SA Series Models

Juniper Networks SSL VPN appliances lead the market with remote access solutions that meet the needs of organizations of every size.

The world’s IT leaders choose Juniper Networks SSL systems more often than all other vendors combined thanks to the affordable, full-featured flexibility these solutions provide.

The product family includes models sized to meet the needs of small businesses with limited IT experience all the way up to high-capacity systems for large enterprises requiring the utmost authentication, authorization, and auditing (AAA) capabilities for employee, partner (extranet) and customer access.

Juniper SA Family

SA700 SSL VPN Appliance
Juniper Networks SA700 SSL VPN Appliance provides small to medium-sized enterprises a secure, cost-effective way to deploy remote access to the corporate network.

SA2000 SSL VPN Appliance
Juniper Networks SA2000 SSL VPN Appliance enables small to medium-sized companies to deploy cost-effective remote and extranet access, as well as intranet security.

SA2500 SSL VPN Appliance
Juniper Networks SA2500 SSL VPN Appliance enables small to medium-sized companies to deploy cost-effective remote and extranet access, as well as intranet security.

SA4000 SSL VPN Appliance
Juniper Networks SA4000 SSL VPN Appliance enables medium-sized to large organizations to provide cost-effective remote and extranet access from any standard Web browser.

SA4500 SSL VPN Appliance
Juniper Networks SA4500 SSL VPN Appliance enables medium-sized to large organizations to provide cost-effective remote and extranet access from any standard Web browser.

SA6000 SSL VPN Appliance
Juniper Networks SA6000 SSL VPN Appliance, designed for large enterprises, features best-in-class performance, scalability, and redundancy for organizations requiring high-volume secure access and authorization.

SA6500 SSL VPN Appliance
Juniper Networks SA6500 SSL VPN Appliance is specifically designed for large enterprises and service providers. It features best-in-class performance, scalability, and redundancy for organizations requiring high-volume secure access and authorization.

Juniper SA Features

The Juniper Networks SA Series is feature rich to help you provide flexible secure access to your newtork.

FEATURE FEATURE DESCRIPTION BENEFITS

Host Checker Client computers can be checked both prior to and during a session to verify an acceptable device security posture requiring installed/running endpoint security applications (antivirus, firewall, other). Also supports custom built checks including verifying ports opened/closed, checking files/processes and validating their authenticity with Message Digest 5 (MD5) hash checksums, verifying registry settings, machine certificates, and more. Verifies/ensures that endpoint device meets corporate security policy requirements before granting access, remediating devices, and quarantining users when necessary

Policy-based enforcement Allows the enterprise to establish trustworthiness of non-API compliant hosts without writing custom API implementations or locking out external users, such as customers or partners that run other security clients. Enables access to extranet endpoint devices like PCs from partners that may run different security clients than that of the enterprise.

Hardened security appliance Designed on a purpose-built operating system. Not designed to run any additional services and is thus less susceptible to attacks; no backdoors to exploit or hack.

Integrated malware protection Pre-installed checks to protect users and devices from keyloggers, trojans, and remote control applications. Enables customers to provision endpoint containment capabilities.

Coordinated threat control Enables SA Series SSL VPN Appliances and Juniper Networks IDP Series Intrusion Detection and Prevention Appliances to tie the session identity of the SSL VPN with the threat detection capabilities of the IDP Series, taking automatic action on users launching attacks. Effectively identifies, stops, and remediates both network and application-level threats within remote access traffic.

Integration with strong authentication and identity and access management platforms Ability to support SecurID, Security Assertion Markup Language (SAML), and public key infrastructure (PKI)/digital certificates. Leverages existing corporate authentication methods to simplify administration.

Multiple hostname support Ability to host different virtual extranet Web sites from a single SA Series SSL VPN Appliance. Saves the cost of incremental servers, eases management overhead, and provides a transparent user experience with differentiated entry URLs.

Customizable user interface Creation of completely customized sign-on pages. Provides an individualized look for specified roles, streamlining the user experience.

In Case of Emergency (ICE) Provides licenses for a large number of additional users on an SA Series SSL VPN Appliance for a limited time when a disaster or epidemic occurs. Enables a company to continue business operations by maintaining productivity, sustaining partnerships, and delivering continued services to customers when the unexpected happens.

Cross-platform support Ability for any platform to gain access to resources such as Windows, Mac, Linux or mobile devices. Provides flexibility in allowing users to access corporate resources from any type of device using any type of operating system.

Advanced SSO enhancements – Kerberos SSO and NTLMv2 support SA Series will automatically authenticate remote users via Kerberos or NTLMv2 using user credentials. Simplifies user experience by avoiding having users enter credentials multiple times to access different applications.

Clientless Core Web access Access to web-based applications, including complex JavaScript, XML, or Flash-based apps and Java applets that require a socket connection, as well as standards-based email like Outlook Web Access (OWA), Windows and UNIX file share, telnet/SSH hosted-applications, Terminal Emulation, SharePoint, and others.
Provides the most easily accessible form of application and resource access from a variety of end user machines, including handheld devices; enables extremely granular security control options; completely clientless approach using only a Web browser.

Secure Application Manager (SAM) A lightweight Java or Windows-based download enabling access to client/server applications. Enables access to client/server applications using just a Web browser; also provides native access to terminal server applications without the need for a pre-installed client.

Network Connect (NC) Provides complete network-layer connectivity via an automatically provisioned cross-platform download; Windows Logon/GINA integration for domain SSO; installer services to mitigate need for admin rights. Allows for split tunneling capability. Users only need a Web browser. Network Connect transparently selects between two possible transport methods to automatically deliver the highest performance possible for every network environment. When used with Juniper Networks Installer Services, no admin rights are needed to install, run, and upgrade Network Connect; optional standalone installation is available as well. Split tunneling capability provides flexibility to specify which subnets or hosts to include or exclude from being tunneled.

	SA700 SSL VPN Appliance Juniper Networks SA700 SSL VPN Appliance provides small to medium-sized enterprises a secure, cost-effective way to deploy remote access to the corporate network.
	SA2000 SSL VPN Appliance Juniper Networks SA2000 SSL VPN Appliance enables small to medium-sized companies to deploy cost-effective remote and extranet access, as well as intranet security.
	SA2500 SSL VPN Appliance Juniper Networks SA2500 SSL VPN Appliance enables small to medium-sized companies to deploy cost-effective remote and extranet access, as well as intranet security.
	SA4000 SSL VPN Appliance Juniper Networks SA4000 SSL VPN Appliance enables medium-sized to large organizations to provide cost-effective remote and extranet access from any standard Web browser.
	SA4500 SSL VPN Appliance Juniper Networks SA4500 SSL VPN Appliance enables medium-sized to large organizations to provide cost-effective remote and extranet access from any standard Web browser.
	SA6000 SSL VPN Appliance Juniper Networks SA6000 SSL VPN Appliance, designed for large enterprises, features best-in-class performance, scalability, and redundancy for organizations requiring high-volume secure access and authorization.
	SA6500 SSL VPN Appliance Juniper Networks SA6500 SSL VPN Appliance is specifically designed for large enterprises and service providers. It features best-in-class performance, scalability, and redundancy for organizations requiring high-volume secure access and authorization.

FEATURE	FEATURE DESCRIPTION	BENEFITS
Host Checker	Client computers can be checked both prior to and during a session to verify an acceptable device security posture requiring installed/running endpoint security applications (antivirus, firewall, other). Also supports custom built checks including verifying ports opened/closed, checking files/processes and validating their authenticity with Message Digest 5 (MD5) hash checksums, verifying registry settings, machine certificates, and more.	Verifies/ensures that endpoint device meets corporate security policy requirements before granting access, remediating devices, and quarantining users when necessary
Policy-based enforcement	Allows the enterprise to establish trustworthiness of non-API compliant hosts without writing custom API implementations or locking out external users, such as customers or partners that run other security clients.	Enables access to extranet endpoint devices like PCs from partners that may run different security clients than that of the enterprise.
Hardened security appliance	Designed on a purpose-built operating system.	Not designed to run any additional services and is thus less susceptible to attacks; no backdoors to exploit or hack.
Integrated malware protection	Pre-installed checks to protect users and devices from keyloggers, trojans, and remote control applications.	Enables customers to provision endpoint containment capabilities.
Coordinated threat control	Enables SA Series SSL VPN Appliances and Juniper Networks IDP Series Intrusion Detection and Prevention Appliances to tie the session identity of the SSL VPN with the threat detection capabilities of the IDP Series, taking automatic action on users launching attacks.	Effectively identifies, stops, and remediates both network and application-level threats within remote access traffic.
Integration with strong authentication and identity and access management platforms	Ability to support SecurID, Security Assertion Markup Language (SAML), and public key infrastructure (PKI)/digital certificates.	Leverages existing corporate authentication methods to simplify administration.
Multiple hostname support	Ability to host different virtual extranet Web sites from a single SA Series SSL VPN Appliance.	Saves the cost of incremental servers, eases management overhead, and provides a transparent user experience with differentiated entry URLs.
Customizable user interface	Creation of completely customized sign-on pages.	Provides an individualized look for specified roles, streamlining the user experience.
In Case of Emergency (ICE)	Provides licenses for a large number of additional users on an SA Series SSL VPN Appliance for a limited time when a disaster or epidemic occurs.	Enables a company to continue business operations by maintaining productivity, sustaining partnerships, and delivering continued services to customers when the unexpected happens.
Cross-platform support	Ability for any platform to gain access to resources such as Windows, Mac, Linux or mobile devices.	Provides flexibility in allowing users to access corporate resources from any type of device using any type of operating system.
Advanced SSO enhancements – Kerberos SSO and NTLMv2 support	SA Series will automatically authenticate remote users via Kerberos or NTLMv2 using user credentials.	Simplifies user experience by avoiding having users enter credentials multiple times to access different applications.
Clientless Core Web access	Access to web-based applications, including complex JavaScript, XML, or Flash-based apps and Java applets that require a socket connection, as well as standards-based email like Outlook Web Access (OWA), Windows and UNIX file share, telnet/SSH hosted-applications, Terminal Emulation, SharePoint, and others.	Provides the most easily accessible form of application and resource access from a variety of end user machines, including handheld devices; enables extremely granular security control options; completely clientless approach using only a Web browser.
Secure Application Manager (SAM)	A lightweight Java or Windows-based download enabling access to client/server applications.	Enables access to client/server applications using just a Web browser; also provides native access to terminal server applications without the need for a pre-installed client.
Network Connect (NC)	Provides complete network-layer connectivity via an automatically provisioned cross-platform download; Windows Logon/GINA integration for domain SSO; installer services to mitigate need for admin rights. Allows for split tunneling capability.	Users only need a Web browser. Network Connect transparently selects between two possible transport methods to automatically deliver the highest performance possible for every network environment. When used with Juniper Networks Installer Services, no admin rights are needed to install, run, and upgrade Network Connect; optional standalone installation is available as well. Split tunneling capability provides flexibility to specify which subnets or hosts to include or exclude from being tunneled.