1. Does the network connect ACTUALLY work on all OSs? Specifically we use the following: Windows XP, 7, Vista, Mac OS X (Snow), Ubuntu 9.10 AND CentOS 5
Should work. Need Java RE on Linux machines.
I did get it running on different Linux distributions; you need to configure Firefox to find the Java path. Works with SUSE, Red Hat, Debian, Ubuntu, but depends on the versions of the web browser and Java; mostly no problem for Linux experts.
2. Can we route ALL traffic through the network connect? We want it to be the gateway for our remote users so all their traffic appears on our IP subnets (essentially acting as a proxy)
You can configure anything you can imagine with split tunneling options.
Very flexible and easy to handle.
3. Does anybody have thoughts on lower cost alternatives to RSA for two factor support?
Yes. Watch this:
https://login.bilfinger.net
You can use PIN authentication with "mouse clicks" as rudimentary "keylogger protection" if that is enough for your security.
Alternatively (or additionally), you can use client certificates.
RSA SecurID implementation is very easy and stable with IVE anyway.
It supports ACE native protocol.
4. Remote Desktops / Terminal Services - can we set this up without using RADIUS? Basically we give RDP access to all of our remote techs; however, we don't need to give them individual user/passes, we want to hard code one user/pass login for them.
You can use local user accounts in the IVE local database and hardcode the username/password in the admin config very easily.
But I love RADIUS. When you plan authentication via Active Directory, trust me - RADIUS is easy, stable and fast. IAS RADIUS is installed and configured on a DC in 20 minutes!
5. Are there RDP clients built in for Linux and Mac? i.e. Microsoft has a client for Mac which the Barracuda uses, and then the Linux users use rdesktop.
Don't think so. But you can use free Linux RDP clients and let them connect via the Network Connect VPN tunnel or maybe JSAM.
6. Are there options to use the VPN on an iPhone? Or would we need to set up a separate PPTP/L2TP server for this?
Depends on your requirements. If the iPhone runs Java it "could" work; I never tried it out. If users only need clientless access via web browser to intranet web pages or file shares, you can do this with any browser and end device.
7. For those users who use network connect, is it possible to set up the web interface to just add "bookmarks" - i.e. there are some fairly complex internal applications which haven't worked properly through other SSL VPNs via web forwards, but we have a TON of internal apps, so some users will use network connect to gain local access to the network, but we want the interface to give them essentially direct bookmarks so they don't need to have an updated bookmark list on their laptop.
Clientless web access via the rewrite engine, and accessing internal resources via the local client web browser and Network Connect, are two separate methods. The web bookmarks on the IVE web portal don't have anything to do with Network Connect. IVE also supports "passthrough proxy" for websites which cannot be rewritten, which helps sometimes.
8. Can we set it to allow the use of a public IP range rather than an internal range?
You can use any range you can imagine; just the routing has to be fine.
I am not a Juniper man - but I really love this IVE system.
You can't go wrong with it - very flexible, stable.
Dream machine. I tried it all out - Citrix AG, Cisco ASA, Aventail - but once you go Juniper Secure Access you'll never go back.