Currently our Windows users who use email externally get the Pulse client pushed and this Pulse client is configured to use WSAM to tunnel email trafffic to our Exchange server. We'd like to achieve the same for our Mac users (now we get more and more Mac users).
I understand that WSAM doesn't work on Mac and we've tried JSAM (but users understandebly do not like the Java hassle). We also like to offer a consistent experience to the users therefor our preferred thought is to offer the Pulse client to them as well. I understand we then need to configure a VPN tunnel.
My question is, what are the best options to serve Outlook email to our Mac users via the Juniper SA SSL VPN.
Would there be any benifit in upgrading to version 8.0R2? We're currently on 7.4R6.
If you are going to Pulse on Mac than you are looking at layer 3 SSL VPN tunnel, and the restrictions are all protocl, IP and port based. There won't be a way to restrict just the Outlook application on Mac to go across the tunnel, it will be all traffic from the computer that has a SSL VPN tunnel connected through Pulse that can go across the tunnel, based on tunnel config.
If you want to keep things as restrictive as possible and are using split tunneling then just specify the IP address of your Exchange CAS server. If you are not using split tunneling then you will use Access Policies to restrict the allowed traffic across the tunnel
Additionally, with the Access Control rule, you can restrict traffc down to a protocol and port (such as TCP/443 for the IP of the CAS server). This same use in Access Control policy can also be layered with split tunneling as split tunneling config only lets you specify IP's and not protocols or ports.
All of this is defined under Resource Policies/VPN Tunneling
Here is a use case scenario form Juniper Tech Docs that uses Access Control to restrict traffic as much as possible: http://www.juniper.net/techpubs/en_US/sa8.0/topics
I don't believe much has changed here in SA 8.0 software but you may want to upgrade to 7.4R9. 7.4R7 added official support for OS 10.9 which will be important for supporting Mac environment, and you may was well jump up to 7.4R9 sin that case.