Showing results for 
Search instead for 
Did you mean: 


meftahur rahman_
Occasional Contributor


Hi guys,

I am in a bit of fix here with JSAM.I have joined as a VPN admin in a company and they use juniper ssl VPN's.I am having a problem understanding what JSAM is.
In a standard juniper document i found the following details:

The Java version of the Secure Application Manager (J-SAM) provides secure port
forwarding for applications running on a remote machine. J-SAM works by directing
client application traffic to the J-SAM applet running on a client machine. The IVE
assigns a unique IP loopback address to each application server that you specify for a
given port. For example, if you specify:,,
and for a single port, the IVE assigns a unique IP loopback
address to each application:,, and respectively.

I did understand what basically JSAM does (reverse proxy) but i didnot understand what those loopback ip's the document says about and why the loopback ips are used?

Can someone describe in lay man terms how the whole JSAM thing works (with these loopback ip's).
I will be very thankfull to anyone who gives an answer.
Super Contributor


WSAM and JSAM are the middle ground between a pure web ssl connection and a Network connect operation that gives you an ip address in a pool on the SA appliance. With WSAM/JSAM the ip proxy is still the SA address and the traffic is tunneled on this ssl connection to the local machine.

WSAM uses windows interfaces to bind right to the local machine ip address for these tunneled connections. JSAM is limited by the java sandbox so does the tunneling to the loopback address instead.

The basic premise in the deploy is to try to publish applications in the least intrusive way for the client. If they won't work in a pure web ssl interface, WSAM/JSAM provide client components that may not require any admin rights to deploy and allow easy on/off of the component. This is especially true with the JSAM as many machines have the java virtual machine available.

Network connect (and now the Junos Pulse client) allow full layer 3 network ip connections for those applicaitons that require that to function.

This sales demo gives a good high level overview of the different technologies in the SA box.

Steve Puluka BSEET - IP Architect - DQE Communications Pittsburgh, PA (Metro-Ethernet & ISP) -