
Juniper SSL VPN vs Citrix Access Gateway

Regular Contributor

Juniper SSL VPN vs Citrix Access Gateway

Hey there,

Some people here are planning to replace the Juniper SAs with the Citrix Access Gateway to save costs.

Does anyone know the Access Gateway and its functionality? Any pros/cons in comparison to the IVE? What's the IVE doing better, and which features does it have that the CAG doesn't?


Occasional Contributor

Re: Juniper SSL VPN vs Citrix Access Gateway

My experience is not based on ownership/usership of CAG, only what I've heard to be the strengths of IVE vs. CAG:

1. Juniper is great at connecting to non-Citrix-published resources; SAM and NC should be able to connect users to just about any resource.

2. The web-rewrite functionality is excellent on IVE, making the traditional "DMZ" unnecessary in most cases.

3. The ActiveSync proxy is fantastic.

4. The VDI support is fantastic and works very well.

5. I've heard that CAG does not "work" as well as IVE, and that IVE is much easier to config.

I would say the reasons for CAG over IVE would be as follows:

1. Licensing: IVE licensing is not getting cheaper, and clustering makes this even more challenging. If you are a platinum SA Citrix licensee, though, the CAG connections are built-in.

2. Waiting for Juniper to catch up to Citrix on functionality (Citrix receiver on iPhone being the prime example today). This becomes very difficult to justify very quickly.

3. At some point IVE may become redundant in your environment. As Citrix closes in on both the load-balancing (NetScaler) and application access fronts, Juniper is being squeezed in the middle. If Citrix is the only place where remote users connect to apps, then IVE is already redundant.

If you are a platinum Citrix SA customer, running the CAG virtually will cost you nothing. So running alongside the IVE makes sense in that case, and will only give you more options. My experience is that there will always be apps which either don't run on Citrix or require a "fatter" VPN client like SAM or NC, so there's no reason to throw the baby out with the bathwater, especially if exercising both options doesn't increase the costs.

Hope that helps.