cancel
Showing results for 
Search instead for 
Did you mean: 

Juniper SSL VPN VS F5 APM

Highlighted
Not applicable

Juniper SSL VPN VS F5 APM

Hello,

 

Is there anyone here familiar with the differences between these two appliances?

Which is better? What are the major differences that could tip the balance ?

 

 

Thanks

2 REPLIES 2
Highlighted
Occasional Contributor
Highlighted
Contributor

Re: Juniper SSL VPN VS F5 APM

I did trials with both


Both products offer almost all the same features as the other.

 

I would say F5 has slightly more flexibility because you basically string together your access portal using a Visual Policy Editor.  This allows you to literally create the workflow of how the portal works, from the login page, to auth, to what resources are available.  That's not to say it does more than Juniper because of it, but it does give you maximum control, which can be attractive to some people.  F5 also lets you use their iRules (IP traffic manipulation) with APM which is a very powerful capability, if it's needed.

 

One thing F5 APM doesn't offer is a web based access method to file shares.  it was available in Firepass but it hasn't made it into APM yet.

 

Juniper is 100x easier to configure and manage as an admin.  Yes it's THAT much easier,   I watched a couple short video's from someon YouTube on initial device configuration and that's all it took for me to fully understand how to get my Juniper demo VM fully deployed on my network with clientless and client based access.  As I started to dig further into the feature set, I found Juniper's documentation and general informationa vialable online to be much more easier to work with and get me to my goal much faster compared to F5.

 

F5 offers APM as a virtual appliance.  Juniper only offers it in a VM for service providers.  One of the potential advantage of F5 offering APM in a VM is that with the way the bundling works, you end up getting the FULL F5 product suite licensed.  This means you get to use almost every product F5 offers all from that single VM.  So if you have interested in load balancing, global load balancing, application firewall, etc., you can potentially kill many birds with one stone.

 

But, if you want to stick with hardware, F5 appliances are rather pricey, but their concurrent user licening costs are well below Juniper so it helps balance it out.   Depending on your user count, there can be a pretty huge difference in price between the two.  I don't want to talk pricing publically in the forum but if you want to PM me I can provide more detail.

 

I talked with some peers who work at very large organizations and they all used Juniper for SSL VPN.  When I posted on various forums online, I got the most recommendations for Juniper.  A few people pointed me towards F5 APM but none of them actually had used it themselves.

 

 

I ended up picking Juniper. 

 

PS - The 3 links provided are rather old and these products have been through a decent amount of changes since the publish dates.. Case in point, the newest article is dated 2011 and it says there is no Host Checking for Mac and Linux from Juniper, and that's no longer accurate.   One article is 2005 so that should be entirely ignored.  The other article from SearchSecurity has no date but given it talks about an SA-6000 which end end of sale Jan 2010, that article is probably from mid-2009 at best.  Both of the newer articles are also about Firepass, not APM, and while similar, they are not 100% identical.