Tip

How Juniper and F5 SSL VPNs can handle endpoint security

Setting up endpoint security on an existing SSL VPN architecture is somewhat complex. We'll show you how it is done on two of the leading products: F5 Networks Inc.'s Firepass and Juniper Networks Inc.'s SA-6000

    Requires Free Membership to View

SP. Both use Web-based administrative consoles, and there are various places to configure the endpoint routines within these consoles.

More information

David Strom's live webcast, premiering Jan. 17th at noon ET, reveals how to implement a successful endpoint security strategy.

On the Firepass, first we will demonstrate how to set up the various endpoint security policies, and then we will implement them for particular groups of users. On the administrative console, upon going into the Users section, you'll see that Endpoint Security is the third category of menus on the upper left-hand menu bar.

Here you'll see a screen that lists all the various endpoint inspection routines that are available, such as checking for an installed firewall or particular antivirus signature. Moving down the left-hand navigation bar menu options, you see pre-login sequence and post-login actions as your next series of choices, and these control what is done at these times.

If you click on pre-login sequence, you will see a screen listing the particular sequences that you have already specified.

If you click on one of these sequences, you will be brought to F5's visual policy editor, a Visio-like flowcharting program with which you can drag and drop actions and choices for the software to perform.

The last couple of choices on the left-hand nav bar are protected configurations and protected resources. The former will bring up a screen similar to the one below, showing the security policies that have been implemented before a user can access particular resources.

Once these policies are created, click on the bottom of the left-hand navigation bar into the Network Access section, and then choose the Policy Checker menu tab on the top.

At the bottom of this screen is a bar that reads, "Endpoint Protection Required for this Resource Group." There is a pull-down box of various choices, such as restricted login or time-dependent login. This is where you specify overall policies for particular users or groups; when you do, you will see a screen similar to the one below.

Juniper's endpoint routines are slightly different. On its management interface, there is a separate endpoint security section as with Firepass, and there are two basic configuration sequences for host checking and for its cache cleaner.

You can perform the checks on each endpoint every 10 minutes by default, or change this value as you wish. Creating a new host checking policy will bring you to a screen where you can add particular rules.

Rules must be specified for Windows, Macintosh and Linux endpoints separately. You'll see a drop-down box on this screen to set up the individual rules, such as checking for personal firewalls installed on each device, where you'll come to a screen such as the one shown below.

About the author:
David Strom is one of the leading experts on network and Internet technologies and has written extensively on the topic for nearly 20 years. He has held several editorial management positions for both print and online properties, most recently as Editor-in-Chief for
Tom's Hardware. In 1990, Strom created Network Computing magazine and was the first Editor-in-Chief establishing the magazine's networked laboratories. He is the author of two books: Internet Messaging (Prentice Hall 1998) which he co-authored with Marshall T. Rose and Home Networking Survival Guide (McGrawHill/Osbourne; 2001). Strom is a frequent speaker, panel moderator and instructor and has appeared on Fox TV News Network, NPR's Science Friday radio program, ABC TV's World News Tonight and CBS-TV's Up to the Minute.

This was first published in January 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.