Juniper has released a new version of software for their SSL VPN (Secure Access) appliances. The new release, 6.5R2, hopefully corrects all the issues and heartache that 6.5R1 brought to Juniper’s customers. I won’t rehash the issues that we discovered in 6.5R1, if you haven’t heard about them you can go read the earlier posts on the subject;
- Juniper SSL VPN Secure Access 6.5 Available
- Norton 360 and Juniper SSL VPN WSAM
- Juniper SSL VPN Upgrade – Client Software
- Juniper SSL VPN Appliance and Windows Vista 64-Bit
I will be testing 6.5R2 on a spare SA4000 appliance (waiting for an evaluation license key from Juniper) and will share my results with everyone here.
You can find the release notes for 6.5R2 here.
When will Juniper Network’s SSL VPN (SA platform/IVE OS) support Microsoft’s Windows 7 OS as a supported client platform? You can refer to Juniper knowledge base article, KB13195.
Juniper states that “Microsoft Windows 7 is qualified” (not supported) on 6.5R2 and there should be no major issues aside from the know caveats/issues.
* All client components:
- 1. Unable to install (or) launch client component using IE8 (64 bit). This is expected as IE8 (64 bit) browser is not supported. Please use IE8 (32 bit) to avoid this issue. (470316)
* EndPoint Integrity:
- When using IE 8 on 64-bit Windows 7 the reason string is not available when a patch assessment policy fails. (485421)
* Secure Virtual Workspace (SVW):
- When opening a file with Windows Photo Viewer inside SVW, the file is shown on the real desktop rather than inside the SVW session. (447409)
- On Windows 7, saving a MS Office 2003 file inside SVW fails. (486104)
- On Windows 7, Control Panel is accessible inside SVW even if it is disabled under application to allow list. (486104)
- If Kaspersky Anti-Virus Version 2009 (184.108.40.2066) is installed on a Windows 7 (OR) Windows Vista computer, WSAM will not be able to intercept and secure traffic. This issue is not seen with older versions of Kaspersky Anti-Virus (434715).
Update: January 6, 2009
I should point out that I’ve discovered that JSAM will not launch properly with Windows 7 (64-bit) when running 6.5R1 software. I initially thought it might have something to-do with the 32-bit/64-bit versions of Internet Explorer or the 32-bit/64-bit versions of the Java Runtime Environment. I tested the same machine today with 6.5R2 and it worked fine using the 32-bit version of Internet Explorer. I didn’t try the 64-bit version of Internet Explorer. So it would appear the problem is resolved in 6.5R2 software, please see the forums for additional details.
6.5 for us was a dog… DNS issues, DHCP timeouts etc etc
Been running 6.5 R2 for a few weeks now and so far so good… Rock solid in fact. The fix for preventing the NC script to run each time the connection is dropped is most welcome!
Michael McNamara says
Thanks for the feeback Dave. We literally got hammered by 6.5(R1). I was waiting until after the holidays to upgrade the system to 6.5R2. Although I do have a test system running 6.5R2 I have yet to really put it through it’s paces.
With respect to your comments about the NC script? What type of commands are you running in the script? Are you mapping drives, etc? Just curious.
I hear you on the hammering! It was a very disappointing release and one Juniper should get a hammering for. We use our appliances to create a split tunnel into our network for our laptop users. As the users have already logged on locally before they connect to the VPN we are using the NC to call a kix script. This script refreshes our ZenWorks application delivery window, map’s a bunch of drives, runs a couple of reg checks and copies a few small office templates. On previous releases of NC, if you had one small drop the whole script would run again. It looks like they have built tolerance into the software to stop this happening which is great. Keep us posted on how you get you.
Mohammed Hughes says
Internet Explorer 8 is very good because it is as stable as Opera. I hate the previous versions of IE like IE6 because it hangs frequently. `
I’m about to deploy the Juniper Installer Service ( 220.127.116.1173) as a base for the 6.5R3.1 NC on our clients using WPKG. I can easily make the msi available, but don’t know how to enter the required information (username/company) in silent mode.
Do you guys know, how to manage this?
Thanks in advance,
Michael McNamara says
Thankfully I don’t have to worry about packaging the client. I just let the client(s) automatically install whenever a user visits the Juniper SSL VPN Secure Access 4000 appliance.
You’ll need to repackage the MSI using an answer file or some other method. There are a number of ways to-do this but they revolve around how to automate a silent MSI install and not around the Juniper SSL VPN itself.
Lord Edam says
it’s designed to go out effortlessly, so if you’re using central deployment (group policy etc.) it shouldn’t be a problem.
msiexec /i /qb junipersetupserviceinstaller.msi runs through the installation without input, provided it’s run with administrative credentials.
Michael McNamara says
Thanks for sharing that information!
Thank you both for your replies! I tried it and it doesn’t really care about any missing information.