A new administrative option in Juniper Networks SA4500 FIPS and SA6500 FIPS SSL VPN Appliances now allows the FIPS mode in Network Connect to be enabled or disabled, with enabledÓ being the default state.
Previously, Network Connect (NC) functioned only in FIPS mode when connected to SA Series FIPS appliances.
When FIPS mode in NC is disabled, NC will attempt to connect via ESP transport mode by default.
When FIPS mode in NC is enabled, NC connects only via SSL transport mode.
When FIPS mode in NC is disabled, NC will connect successfully to a FIPS appliance with a certificate chain that rolls up to a private certificate authority (CA), which is not deployed as a trusted certificate to the end userÕs device.
(In FIPS mode, however, NC will reject such an untrusted certificate chain and prevent VPN access to the FIPS appliance.)
This capability provides users with flexibility in connecting to FIPS appliances from unmanaged devices like home PCs or Mac OS devices.
Please feel free to test this new enhancement and if you have any questions or suggestions around this feature we would be more than happy to answer it for you at the earliest.