This discussion may have already taken place before, so apologies in advance.
We are looking for an SSL VPN solution and I have been pushing for the JSA boxes, but it seem's we maybe running a test with the Palo Alto Firewalls.
Given that the PA boxes are designed by the same guy who designed the JSA, what are peoples thoughts on the SSL VPN functions between the two boxes?
Is there things you can do with the JSA that you cant with the PA box and vice versa?
We just got a small Palo Alto in house also. Havent had time to kick the tires on it yet. NetConnect certainly has been around a lot longer. The PA has some nice features as far as AppID. I guess it depends on how many people will be using the SSLVPN. I get the sense the PA VPN would be fine for a small to medium deployment. Keep in mind that the box is primarily a firewall and not a Remote Access Platform.
We have a saying in my group, " Let the firewall firewall ". All in one makes us nervous.
If I were you I'd do a small pilot and decide for yourself.
We have both and they really don't compete as an SSL VPN solution unless your Juniper SA is used as a Network Connect only box.
When someone says "SSL VPN" it means different things to different people/companies. In the Juniper SA sense it's the full rewriter with lots of other features. Basically you can do remote access with only a browser, but it also does more. For other people it just means an IPSEC VPN that uses HTTPS in place of IKE for authentication and ESP (and possibly SSL for fallback) as a transport. If a vendor that has an IPSEC only VPN product adds the ability to authenticate their VPN with a web browser instead, they then market that as an SSL VPN.
Netconnect is basically like this and compares similar to the dynamic vpn in Juniper SRX firewalls or Network Connect. It is not URL rewriter.