Juniper Networks SA700 SSL VPN Appliance

A secure, cost-effective way to deploy remote access to the corporate network.

Juniper Products
SA Series Appliances
Juniper Networks Secure Access 700 SSL VPN Appliance	#SA700 List Price: $1,500.00

More pricing below, click here

SA700 Overview:

The Juniper Networks SA700 SSL VPN Appliance enables small- to medium-sized enterprises to deploy remote access to the corporate network in a secure and cost-effective way. Because the SA700 uses Secure Sockets Layer (SSL) to provide encrypted transport, it enables instant remote access from just a Web browser. This clientless architecture eliminates the high cost of installing, configuring and maintaining client software on every device, significantly reducing the total cost of ownership (TCO) versus traditional VPN solutions. SSL delivery also eliminates the Network Address Translation (NAT) and firewall traversal issues encountered with traditional remote access products, allowing remote & mobile users reliable and ubiquitous access from external networks such as homes or hotels.

The Juniper Networks SA700 SSL VPN Appliance comes standard with Network Connect access method, which creates a secure network-layer connection via a lightweight, cross-platform dynamic download. The SA700 can also be upgraded to include Core Clientless access method, which enables connections from any device at any location to Web-enabled applications, including those with XML and Flash content, files, standards-based email, and telnet/SSH sessions. The SA700 appliance delivers enterprise-strength AAA (authentication, authorization, and accounting) and comprehensive endpoint defense.

Architecture and Key Components

Lower TCO

Dependable technology tailored to the needs of small- to medium-sized enterprises by the SSL VPN market leader—Juniper Networks
Plug-n-play appliance that installs in minutes with minimal IT knowledge required
No client software deployment or maintenance—users only need an Internet connection for access
Simple end user and administrator interfaces facilitate quick and easy use
Improved productivity for remote employees
No network interoperability issues

End-to-End Security

Complete, secure access to LAN resources, ensuring that the endpoint device, data in transit and internal resources are secure.
Seamless integration with broad range of authentication methods and protocols.

Features & Benefits:

The SA700 deploys quickly and easily, and it does not require the costly deployment and maintenance of individual client software on each device. The SA700 delivers an appliance tailored to the specific needs of small- to medium-sized companies, in an affordable plug-n-play form factor. Since the SA700 is designed primarily to address the remote access needs of smaller organizations, it will not have the same enterprise-class features found in Juniper Network SA2500, SA4500, or SA6500 SSL VPN Appliances. Please consult your Juniper Networks sales representative or authorized channel partner to ensure the correct SA Series model will address your remote access needs.

Lower Cost of Ownership

The SA700 series provides complete end-to-end layered security, ensuring that the endpoint device, data in transit and internal resources are secure. The SA700 integrates seamlessly with a broad range of authentication methods and protocols, and its hardened architecture effectively protects internal resources.

Features	Features Description	Benefits
Uses SSL, available in all standard Web browsers	Enables secure remote access from any browser.	Users only need an Internet connection for access.
No end user client to install	Requires no changes to existing network infrastructure. Supports multiple operating systems, including Windows, Linux, Mac, PocketPC and more.	Eliminates the cost and complexity associated with maintaining installed clients on user devices. Enables the addition of new users or access to new applications with just a few clicks.
Leverages existing security infrastructure	Integrates with existing user directories. Fully compatible with a broad range of authentication methods and protocols.	Simplifies any network administration.
Interoperation with external networks—eliminating issues with (NAT) or firewall traversal	Improves user experience by simplifying access to internal resources from external networks. Reduces costly support calls.	Eliminates network interoperability issues.
Desktop or 1U rack-mountable form factor	Runs quietly on desktop if no server rack is available.	Saves valuable rack space in the data closet.
Individual models provide support for 10, 15, or 25 concurrent users	Offers customers the flexibility to purchase according to their capacity requirements and budgetary limitations.	IT investments can be made according to budget and need.

End-to-End Layered Security

The SA700 features a user-friendly Web-based interface and streamlined administration making it easy to use and administer.

Features	Features Description	Benefits
Native Host Checker	Client computers can be checked at the beginning and throughout the session to verify an acceptable security posture requiring or restricting network ports, checking files/processes, and validating their authenticity with Message Digest 5 (MD5) hash checksums. Performs version checks on security applications, and carries out pre-authentication checks and enforcement.	Enables enterprises to write their own host checker method to customize the policy checks. Resource access policy for non-compliant endpoints is configurable by administrator.
Host Checker API	Created in partnership with best-in-class endpoint security vendors, enables enterprises to enforce an endpoint trust policy for managed PCs that have personal firewall, antivirus clients, or other installed security clients, and quarantine non-compliant endpoints.	Uses current security policies with remote users and devices; easier management.
Host Checker server integration API	Enables enterprises to deliver and update third-party security agents from the SA700.	Reduces public-facing infrastructure. Enables consolidated reporting of security events. Enables policy-based remediation of non-compliant clients.
Hardened security appliance and Web server	Purpose-built hardware appliance and hardened security infrastructure, with no general purpose services, system-level user accounts or interactive shell.	Not designed to run any additional services and is less susceptible to attacks; no backdoors to exploit.
Security services employ kernel-level packet filtering and safe routing	Ensures that unauthenticated connection attempts, such as malformed packets or denial of service (DoS) attacks, are filtered out.	Effective protection against threats and attacks.
Cache cleaner	All proxy downloads and temp files installed during the session are erased at logout, ensuring that no data is left behind.	Ensures that no potentially sensitive session data is left behind on the endpoint machine.
Support for strong authentication methods and protocols including RADIUS, Lightweight Directory Access Protocol (LDAP), public key infrastructure (PKI), Active Directory, RSA/Secure ID	Enables enterprise-strength authentication via optional integration with directories (PKI) and leading multi-factor authentication systems. Also includes a secure internal user database for enterprises that have not deployed third-party authentication.	Allows administrators to establish dynamic authentication policies for each user session, based on user/device/network attributes and specific login conditions, including an optional pre-authentication assessment to examine the client’s security state before the login page is presented.
Auditing and logging	Full auditing and logging capabilities in a clear, easy-to-understand format.	Simplifies configuration, assessment and troubleshooting.
Malware protection	Enables customers to provision endpoint containment capabilities and secure the endpoint either prior to granting access or during the user session.	Provides comprehensive network protection.

Ease of Use

The SA700 includes two different access methods. These different methods are selected as part of the user’s role, so the administrator can enable the appropriate access on a per-session basis, taking into account user, device and network attributes in combination with enterprise security policies.

Features	Features Description	Benefits
Streamlined administration process designed specifically for small/medium enterprises	Instant deployment and activation requires minimal IT knowledge.	Increased productivity for IT resources.
Dynamically provisioned user connectivity	At login, end users are immediately provisioned full connectivity as if running on the LAN, while important layered security functions run transparently. Users provisioned using the Core Clientless access method upgrade are restricted to administrator configurable Web-based applications.	Flexibility of allowing users access to different types of resources.
Simple, Web-based interfaces	Both the end user and administrator interfaces are simple and Web-based, facilitating quick and easy use.	Enables end user and administrator productivity.

Provision by Purpose

Features	Features Description	Benefits
Network Connect	Provides complete network-layer connectivity via an automatically provisioned cross-platform download.	Users only need a Web browser for access. Network Connect transparently selects between two possible transport methods to automatically deliver the highest performance possible for every network environment.
Clientless Core Web access (Available as an upgrade)	Access to Web-based applications, including complex JavaScript, XML or Flash-based apps and Java applets that require a socket connection, as well as standards-based email, files and telnet/SSH hosted applications. Core Web access also enables the delivery of Java applets directly from the SA Series appliance.	Provides the most easily accessible form of application and resource access. Enables extremely granular security control options.

Technical Specifications:

Model:	SA700
Model:
Dimensions
Size (W x H x D)	17.25 x 1.74 x 9 in (43.80 x 4.41 x 22.86 cm)
Weight	10 lb (4.53 kg) typical (unboxed)
Material	18 gauge (.048 in) aluminum
Fans	1 ball-bearing inlet fan, plus 1 CPU blower
Ports
Network Ports	Two RJ-45 Ethernet 10/100 Full or Half-Duplex (Auto-Negotiation) IEEE 802.3u Compliant
Console Port	One 9-Pin Serial Console Port
Front Panel Display
Front Panel Display	Front Panel Power Switch Power LED Access LED (Drive Access)
Power
Input Voltage and Current	90-264 VAC Full Range
RMS	4 A (RMS) at 90 VAC 2 A (RMS) at 264 VAC
Input Frequency	47-63 Hz
Efficiency	65% min, at full load
Output power	220 W
Power Supply Mean Time Between Failures (MTBF)	100,000 hours at 25^o C
Environment
Temperature Range Operating	41^o to 86^o F (5^o to 30^o C)
Operating (Short-Term) Temperature	32^o to 122^o F (0^o to 50^o C)
Non-Opertating Temperature	32^o to 122^o F (0^o to 50^o C)
Relative Humidity (Operating)	20% to 80% non-condensing
Relative Humidity (Non-Operating)	5% to 95% non-condensing
Altitude	Up to 10,000 ft (3,000 m)
Shock Operating	2 G at 11 ms
Non-operating	30 G at 11 ms
Certifications
Safety	UL (UL 60950-1 First Edition: 2003) CUL (CAN/CSA-C22.2 No. 60950-1-03 First Edition) TUV GS (EN 60950-1:2002) AS/NZS CISPR 22: 2002, Class B
Emissions	FCC Class B, VCCI Class B, CE class B
Warranty
Warranty	90 days; can be extended with a support contract

SA Series Comparison Matrix:

Model:	SA700	SA2500	SA4500, SA4500 FIPS	SA6500, SA6500 FIPS
Model:
Market Segment	Small to mid-size enterprises <250 total employees	Small to mid-size enterprises	Mid-size to large enterprises, government agencies	Large enterprises, service providers, large government agencies
Users	Remote or mobile employees, business partners, customers	Remote or mobile employees, business partners, customers	Remote or mobile employees, business partners, customers	Remote or mobile employees, business partners, customers
Access Method	Clientless Core Web Access Network Connect	Clientless Core Web Access Secure App. Manager Network Connect	Clientless Core Web Access Secure App. Manager Network Connect	Clientless Core Web Access Secure App. Manager Network Connect
Interfaces	Two RJ-45 Ethernet 10/100 Full or Half-Duplex (Auto-Negotiation) IEEE 802.3u Compliant One 9-Pin Serial Console Port	Two RJ-45 Ethernet 10/100/1000 full or half-duplex (auto-negotiation) IEEE 802.3u compliant IEEE 802.3z or IEEE 802.3ab compliant One RJ-45 serial console port	Two RJ-45 Ethernet 10/100/1000 Full or Half-Duplex (Auto-Negotiation) IEEE 802.3u Compliant IEEE 802.3z or IEEE 802.3ab compliant One RJ-45 Serial Console Port	Two RJ-45 Ethernet 10/100/1000 Full or Half-Duplex (Auto-Negotiation) Two SFP ports - Gig-E Two RJ-45 Ethernet 10/100/1000 Full or Half-Duplex (Auto-Negotiation) IEEE 802.3u Compliant IEEE 802.3z or IEEE 802.3ab compliant One RJ-45 Serial Console Port
High Availability	N/A	A/P, A/A, Stateful Peering, Clustering	A/P, A/A, Stateful Peering, Clustering	Plus redundant power supply, hard drive w/ real-time data mirroring, & additional memory

Documentation:

Download the Juniper Networks SA700 SSL VPN Appliance Datasheet (PDF).

Juniper Products
SA Series Appliances
Juniper Networks Secure Access 700 SSL VPN Appliance	#SA700 List Price: $1,500.00
Juniper Licenses
User Licenses
Add 10 simultaneous users licenses to SA700 - Network Connect by default. Core Clientless Access requires additional license (SA700-CORE)	#SA700-ADD-10U List Price: $995.00
Add 15 simultaneous users licenses to SA700 - Network Connect by default. Core Clientless Access requires additional license (SA700-CORE)	#SA700-ADD-15U List Price: $1,895.00
Add 25 simultaneous users licenses to SA700 - Network Connect by default. Core Clientless Access requires additional license (SA700-CORE)	#SA700-ADD-25U List Price: $2,495.00
Feature Licenses
Core Clientless Web Access for SA700	#SA700-CORE List Price: $995.00