[j-nsp] SRX dynamic vpn with Pulse Secure client - MacOS Apple laptop not working

Gert Doering gert at greenie.muc.de
Wed Aug 14 11:22:33 EDT 2019


Hi,

On Wed, Aug 14, 2019 at 08:52:28AM -0500, Aaron Gould wrote:
> Perhaps I should just look at better remote access vpn solutions.  
> 
> I've heard Palo Alto are good.

When testing, give some extra attention to double-stack behaviour.

While we're generally quite happy with Fortigate's SSL-VPN thingie,
their "double-stack" sucks big time - basically, it's two single-stack
VPN solutions bolted together.  You connect over v4, you can only
reach v4 resources.  You connect over v6, you can only reach v6 
resources.  Their support says "well, it is what is is, but you can
open a feature request" and our AM says "we do not see the business
case"...

So: test this before buying.  You'll need v6 and v4/v6 interop one day.

gert

-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             gert at greenie.muc.de


More information about the juniper-nsp mailing list