[j-nsp] Infranet controller solution

Mon Oct 31 00:49:40 EDT 2016

Hi Michael / Bill,

I've just re-read the D60 release notes and Dynamic VPNs are back in the
code:

"Dynamic VPN remote access for Secure Pulse clients to SRX300, SRX320,
SRX340, SRX345, and SRX550M devices—Starting with Junos OS Release
15.1X49-D60, dynamic VPN simplifies remote access by enabling Pulse Secure
clients to establish IPsec VPN tunnels to SRX services gateways without
having to manually configure VPN settings on their PCs or laptops. User
authentication is supported through a RADIUS server or a local IP address
pool."

http://www.juniper.net/techpubs/en_US/junos15.1x49-d60/information-products/topic-collections/release-notes/15.1x49-d60/junos-release-notes-15.1X49-D60.pdf

HTH,
Graham

Graham Brown
Twitter - @mountainrescuer <https://twitter.com/#!/mountainrescuer>
LinkedIn <http://www.linkedin.com/in/grahamcbrown>

On 30 October 2016 at 21:36, Michael Gehrmann <mgehrmann at atlassian.com>
wrote:

> Good to know. Makes sense as this feature got sold off and the solution was
> never fully accepted by enterprise.
>
> Cheers
> Mike
>
> On 29 October 2016 at 01:49, Bill Blackford <bblackford at gmail.com> wrote:
>
> > I was told by our SE that the newer models of SRX will no longer support
> > Pulse Secure. I've also had to downgrade code to get older models to
> > support it as well.
> >
> > Sent from my iPhone
> >
> > > On Oct 28, 2016, at 00:59, Michael Gehrmann <mgehrmann at atlassian.com>
> > wrote:
> > >
> > > Hi James,
> > >
> > > I'm only aware of Palo Alto and Juniper supporting this function. The
> > next
> > > generation SRX (300 and 1500) have some pretty good pricing from what I
> > > have experienced.
> > >
> > > https://www.pulsesecure.net/download/document/988/
> > PulseSecure_Solution_Brief_PAN_PPS_d1v5.fin.pdf
> > >
> > > I have experienced the Juniper integration with NAC and it works very
> > well.
> > >
> > > Cheers
> > > Mike
> > >
> > >> On 28 October 2016 at 18:52, james list <jameslist72 at gmail.com>
> wrote:
> > >>
> > >> Hi Mike
> > >> here the functionality I'm looking for in the firewall device:
> > >>
> > >> - integration with MAG Pulse Secure
> > >> - policy enforcement using at least destination ip address, port and
> > >> protocol
> > >> - policy enforcement with action at least like allow, deny, reject
> > >> - policy enforcement based on user role
> > >>
> > >> Cheers
> > >> James
> > >>
> > >>
> > >> -
> > >>
> > >> 2016-10-28 7:21 GMT+02:00 Michael Gehrmann <mgehrmann at atlassian.com>:
> > >>
> > >>> Hi James,
> > >>>
> > >>> Might be useful if you describe what functionality you are trying to
> > >>> achieve. i.e. SRX as an enforcer
> > >>>
> > >>> Also you may not find many 'cheaper' alternatives in the TNC space:
> > >>> https://en.wikipedia.org/wiki/Trusted_Network_Connect
> > >>>
> > >>> Cheers
> > >>> Mike
> > >>>
> > >>>> On 28 October 2016 at 01:36, james list <jameslist72 at gmail.com>
> > wrote:
> > >>>>
> > >>>> Hi experts,
> > >>>>
> > >>>> has anybody ever configured an infranet controller solution using
> MAG
> > >>>> (today Pulse Secure) other than using SRX firewall ?
> > >>>>
> > >>>>
> > >>>> I looking to find an alternative solution to SRX and as far as I’ve
> > >>>> searched till now, seems that only Palo Alto could do something. I’m
> > >>>> wondering if there are (cheaper) alternative…
> > >>>>
> > >>>>
> > >>>> Thanks in advance
> > >>>>
> > >>>>
> > >>>> Cheers
> > >>>>
> > >>>> James
> > >>>> _______________________________________________
> > >>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
> > >>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> > >>>
> > >>>
> > >>>
> > >>>
> > >>> --
> > >>> Michael Gehrmann
> > >>> Senior Network Engineer - Atlassian
> > >>> m: +61 407 570 658
> > >
> > >
> > > --
> > > Michael Gehrmann
> > > Senior Network Engineer - Atlassian
> > > m: +61 407 570 658
> > > _______________________________________________
> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
>
>
>
> --
> Michael Gehrmann
> Senior Network Engineer - Atlassian
> m: +61 407 570 658
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>