JUNIPER NETWORKS PRODUCT BULLETIN

Similar documents
CONFIGURING WEBAPP SECURE TO PROTECT AGAINST CREDENTIAL ATTACKS

Cluster Upgrade. SRX Series Services Gateways for the Branch Upgrade Junos OS with Minimal Traffic Disruption and a Single Command APPLICATION NOTE

Juniper Sky Enterprise

PULSE CONNECT SECURE APPCONNECT

VMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES

Junos Pulse Mobile Security Gateway

Juniper Sky Advanced Threat Prevention

JUNIPER OPTIMUM CARE SERVICE

Junos Pulse Mobile Security Gateway

Secure Remote Access with Comprehensive Client Certificate Management

JUNIPER SKY ADVANCED THREAT PREVENTION

Juniper Care Plus Advanced Services Credits

Junos Genius FAQs. What is Junos Genius? How can I access the Junos Genius platform? What learning assets are available on Junos Genius?

Juniper Networks. Junos Pulse on Mobile Release 2.0. Android build #7687. BlackBerry build #154. Apple ios build #8059. Juniper Networks, Inc.

Junos Pulse for Google Android

Contrail Networking: Evolve your cloud with Containers

Transit VPC Deployment Using AWS CloudFormation Templates. White Paper

Service Automation Made Easy

Enterprise Guest Access

CONFIGURING THE CX111 FOR THE SSG SERIES

Topology-Independent In-Service Software Upgrades on the QFX5100

Extending Enterprise Security to Public and Hybrid Clouds

MOBILE SECURITY, SECURE ACCESS AND BYOD AS A SERVICE. Jonas Gyllenhammar NNTF 2012

SDSN: Dynamic, Adaptive Multicloud Security

Product Description. Product Overview. Architecture and Key Components of the MAG Series Junos Pulse Gateways

J-Care Agility Services Advanced Options

QUICKSTART GUIDE FOR BRANCH SRX SERIES SERVICES GATEWAYS

CONFIGURING THE CX111 FOR THE SSG SERIES

Optimizing CloudEnabled Branch with. Juniper Services and Support. Protect and Ensure the Operational Success of Your Juniper Cloud-Enabled Branch

Juniper Solutions for Turnkey, Managed Cloud Services

WX CENTRAL MANAGEMENT SYSTEM

JUNOS SCOPE SOFTWARE IP SERVICE MANAGER

JUNIPER CARE SERVICES

Juniper Networks Champion Program

JUNOS PULSE MOBILE SECURITY SUITE. Stallion Winter Seminar Jukka Piirainen & Jani Ripatti

KACE GO Mobile App 4.0. Release Notes

Junos Pulse Supported Mobile Platforms

KACE GO Mobile App 5.0. Release Notes

FIREFLY HOST. Product Description. Product Overview DATASHEET

ForeScout Extended Module for MaaS360

Product Description. Product Overview DATASHEET

This guide provides information on...

Junos Pulse Supported Mobile Platforms

Instant evolution in the age of digitization. Turn technology into your competitive advantage

ForeScout Extended Module for MobileIron

Juniper Networks Certification Program

WX Client. Product Description. Product Overview DATASHEET

Junos Pulse Mobile Security Dashboard

KACE GO Mobile App 3.1. Release Notes

Product Description. Architecture and Key Components of the MAG Series Junos Pulse Gateways. Product Overview DATASHEET

Juniper Care Plus Services

SEPARATING WORK AND PERSONAL

Forescout. eyeextend for MobileIron. Configuration Guide. Version 1.9

Juniper Advanced Services: Which Offsite Program Is Right for You?

ForeScout Extended Module for VMware AirWatch MDM

JUNIPER NETWORKS AND AEROHIVE NETWORKS: CLOUD- ENABLED SOLUTIONS FOR THE ENTERPRISE

Pulse Workspace Appliance. Administration Guide

Coordinated Threat Control

Junos Pulse MSS MSG Release 4.2R1

Juniper Secure Analytics

AirWatch Mobile Device Management

Software-Defined Secure Networks in Action

Extending Enterprise Security to Public and Hybrid Clouds

Forescout. eyeextend for IBM MaaS360. Configuration Guide. Version 1.9

Junos Pulse Mobile Security Dashboard

Compliance Manager ZENworks Mobile Management 2.7.x August 2013

Deploying VMware Workspace ONE Intelligent Hub. October 2018 VMware Workspace ONE

Juniper Networks and Aerohive Networks: Cloud-Enabled Solutions for the Enterprise

SECURE, CENTRALIZED, SIMPLE

NSM Plug-In Users Guide

Open Cloud Interconnect: Use Cases for the QFX10000 Coherent DWDM Line Card

Network and Security Manager (NSM) Release Notes DMI Schema

JUNOS SPACE ROUTE INSIGHT

Juniper Networks Live-Live Technology

Product Description. Product Overview. Architecture and Key Components of the MAG Series Junos Pulse Gateways

VMware AirWatch Integration with RSA PKI Guide

JUNOS SPACE. Product Description. Product Overview

Azure MFA Integration with NetScaler

Policy Enforcer. Product Description. Data Sheet. Product Overview

CONFIGURING BASIC MACOS MANAGEMENT: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

VMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1

Integration Guide. LoginTC

MANAGING ANDROID DEVICES: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

Deploying Data Center Switching Solutions

Workspace ONE UEM Integration with RSA PKI. VMware Workspace ONE UEM 1810

Integration Guide. SafeNet Authentication Service. SAS using RADIUS Protocol with WatchGuard XTMv. SafeNet Authentication Service: Integration Guide

ForeScout Extended Module for Carbon Black

Mobility Manager 9.5. Users Guide

WHITE PAPER. Good Mobile Intranet Technical Overview

VMware AirWatch Integration with SecureAuth PKI Guide

Cloud-Enable the Enterprise with Junos Fusion

Cisco Cloud Services Router 1000V and Amazon Web Services CASE STUDY

Junos Pulse Mobile Security Gateway

Web Device Manager Guide

SETTING UP A JSA SERVER

How-to Guide: Tenable.io for Microsoft Azure. Last Updated: November 16, 2018

Junos Pulse Secure Access Service

Deploying Cisco SD-WAN on AWS

NSM Plug-In Users Guide

Lookout Mobile Endpoint Security. Deploying Lookout with BlackBerry Unified Endpoint Management

Transcription:

PRODUCT BULLETIN JUNIPER NETWORKS PRODUCT BULLETIN Junos Pulse Mobile Security Suite 4.2 What s New for Enterprises and Service Providers Bulletin Date January 24, 2013 Bulletin Number 8000022 Applicable to All Regions Effective Change Date: January 28, 2013 Introduction This Product Bulletin describes the new features and functions available in Juniper Networks Junos Pulse Mobile Security Suite version 4.2 for enterprises and service providers. It assumes familiarity with Juniper Networks Junos Pulse 4.0 and 3.x, as well as the Junos Pulse Secure Access Service (SSL VPN). Junos Pulse Mobile Security Suite 4.2 continues to extend the reach of enterprises to manage personal or corporate-issued mobile device features, services and apps, and Bring Your Own Device (BYOD) initiatives, while addressing the requirements of government agencies and security conscious enterprises for Federal Information Processing Standard (FIPS) compliance. Junos Pulse Mobile Security Suite 4.2 also simplifies and eases the burden on service providers and by extension, their enterprise clients to address required changes and enhancements quickly and simply. 1

New Features for Junos Pulse Mobile Security Suite 4.2 Table 1. New Junos Pulse Mobile Security Suite 4.2 Features by Mobile OS Junos Pulse Mobile Security Suite 4.2 Features Junos Pulse Federal Information Processing Standard (FIPS) support Enterprise Service Provider Google Android Apple ios 4 4 4 4 Apple ios MDM profile enhancements 4 4 4 BlackBerry Android UI enhancements 4 4 4 SMS proxy enhancements 4 4 4 4 Application messaging for Junos Pulse 4 4 Junos Pulse Mobile Security Gateway 4.2 Features Enterprise Service Provider Server API enhancements 4 Junos Pulse Mobile Security Gateway status page additions 4 New device profiles 4 4 New Features for Google Android in Junos Pulse Mobile Security Suite 4.2 Junos Pulse FIPS Support Federal Information Processing Standard (FIPS) is a requirement for most software run today by U.S. federal government agencies. FIPS is also a fast growing requirement for many security conscious industries such as financial services. Junos Pulse 4.2 supports FIPS 140-2. The FIPS 140-2 standard requires Junos Pulse to use specific cryptographic algorithms approved and implemented by a certified cryptographic module. In addition, there is a requirement to support Suite B transport layer security (RFC 6460), which is implemented in the Transport Layer Security (TLS) 1.2 module. When running on ios and Android devices that support VPN, Juniper Networks Junos Pulse mobile client application enables the VPN data channel to be FIPS compliant, for even more stringent, secure communications. The option to establish a FIPS compliant VPN data channel is provided by Juniper Networks MAG Series Junos Pulse Gateways running Junos Pulse Secure Access Service, the FIPS-compatible SA6500 FIPS SSL VPN Appliance, or the SA Series SSL VPN Virtual Appliance, once the Junos Pulse client successfully authenticates to the gateway or virtual appliance. Junos Pulse s FIPS support makes use of a third-party, FIPScertified library offered by Apex Assurance Group (http:// apexassurance.com). Apex s third-party library is built on top of OpenSSL 1.0.1, replacing the OpenSSL library to which Junos Pulse has been linking. The Apex library offers OpenSSL-like functions, and SSL connections can be established using this library in both FIPS mode and non-fips mode. The mode can also change without shutting down the application so that Junos Pulse can connect to one Juniper SSL VPN gateway, appliance, or virtual appliance in FIPS mode, and later connect to another Juniper SSL VPN gateway, appliance, or virtual appliance in non-fips mode. On a Google Android device, when the FIPS option has been enabled, and after a VPN tunnel has been successfully established, the VPN notification message will indicate that the connection is FIPS compliant with a notification that reads VPN Connected FIPS. For Junos Pulse clients running on either Android or ios, the VPN Status screen will display an additional message indicating that the VPN data channel is FIPS compliant. Android User Interface Enhancements There are a number of new Android user interface enhancements in Junos Pulse Mobile Security Suite 4.2 based on customer feedback, including: 2

The Junos Pulse splash screen has changed slightly. The Main Security Screen has not changed. In version 4.1, the Scan button was at the top of the screen. In version 4.2, the Scan button is now at the bottom of the screen. In version 4.1, the user could select the drop down arrow to view the actions that can be taken on the threat. In version, 4.2, though, the user selects the threat and is taken to the threat detail screen. The threat detail screen has been redesigned in version 4.2, and a Remind Me button has replaced the Whitelist function In version 4.1, there was a Whitelist option to allow suspicious apps to remain on a user s device. In version 4.2, there is a Reminder function for this. In the Reminder option in version 4.2, selecting the Never option will cancel the alert. If a Reminder has been set on an app, there will be an icon displayed on the list item for that app. 3

Clicking on the icon in the list item will bring up a menu which is used to turn off the reminder for that app. A different icon will then be displayed, indicating that the reminder has been turned off. Scanning on version 4.1 took place on a separate screen. In version 4.2, scanning takes place on the main detections screen. In version 4.1, when the scan was completed, the user had to click the OK button if no threats were detected, or the View Detections button if threats were detected in order to view the threats. In version 4.2, the user is directed immediately to the detections screen following a scan, where the results of the scan are shown. Results of the scan showing that there were no threats detected. 4

The settings screen in version 4.2 is very similar to the setting screen in version 4.1. The user can see the update status directly on this screen. The antivirus/antimalware settings screens are also similar. There are 3 full scan and profile timeframe options in version 4.2. In version 4.1, the user would select Update from the settings screen, and would then be sent to another page to click on the Update selection. In version 4.2,the user can start an update directly from the settings screen. SMS Proxy Enhancements (for service providers only) The short message service (SMS) proxy is a critical component of our software-as-a-service (SaaS) infrastructure for both Juniper and service provider hosted instances of Junos Pulse Mobile Security Suite. SMS proxy provides enhanced control over SMS routing from the Junos Pulse Mobile Security Gateway servers to different third-party SMS aggregators, improving SMS coverage and reducing costs. It is now impossible for a single third-party SMS aggregator to reliably service all customers globally. Many times customization by Professional Services is required to meet a service provider customer s geographic requirements. This feature delivers SMS proxy for Pulse Mobile Security Suite, which simplifies any necessary enhancement or change in the SMS aggregator. It also enhances the current capabilities in Pulse Mobile Security Suite to improve the performance, functionality, and stability of the SMS proxy. In addition to the current SMS aggregators supported in Pulse Mobile Security Suite, SMS proxy includes the ability for customerdefined and carrier-specific SMS aggregators to be supported. Additionally, routing rules can now be created based on the country code of devices, allowing for country-specific aggregators to be used for SMS delivery. Application Messaging for Junos Pulse (for service providers only) Application Messaging enables a service provider with a dedicated instance of Junos Pulse Mobile Security Gateway to send a short text message and URL hyperlink to a Junos Pulse client running on an Android device, through the server APIs in Pulse Mobile Security Gateway. The Junos Pulse client on the Android device will then notify the user of the message through the standard alerting mechanism, and allow the message and URL to be displayed within the Junos Pulse client. The user can click on the URL, and will be taken to the appropriate website for further information. 5

Junos Pulse is considered the trusted security application residing on mobile devices, and messages sent with this feature will be given a higher priority and more attention than either e-mail or SMS, which may be considered as spam. Application messaging can be integrated with the service provider s backend systems and used for such things as notifying users of various account activities, providing important announcements, or even launching Amber Alerts and other emergency messages. New Features for Apple ios in Junos Pulse Mobile Security Suite 4.2 Apple ios MDM Profile Enhancements In Junos Pulse Mobile Security Suite today, Apple ios profiles configured on a Junos Pulse Mobile Security Gateway console only define an ios mobile device management (MDM) policy or configuration. The defined policy or configuration consists of each of the sub elements such as tabs in the Pulse Mobile Security Gateway console, and payloads in the Apple ios definition deployed to the device which comprise the entire MDM configuration. Currently, when any part of the MDM configuration is changed in the Pulse Mobile Security Gateway console, the entire configuration is delivered to the ios devices associated with that particular configuration. For instance, when the Microsoft Exchange ActiveSync (EAS) sub element is defined within a definition, it forces users to supply their password each time any element within that definition changes, which can be frustrating and onerous. To avoid the need for users to enter their password each time an element which includes EAS settings requires a change, the EAS configuration will be isolated from the remainder of the profile deployed to the ios device. Therefore, only when the EAS definition is modified will it need to be redeployed to the ios device, and force the user to supply Exchange credentials. Junos Pulse FIPS Support Please see description (above) under New Features for Google Android in Junos Pulse Mobile Security Suite 4.2. SMS Proxy Enhancements (for service providers only) Please see description (above) under New Features for Google Android in Junos Pulse Mobile Security Suite 4.2. New Features for BlackBerry in Junos Pulse Mobile Security Suite 4.2 SMS Proxy Enhancements (for service providers only) Please see description (above) under New Features for Google Android in Junos Pulse Mobile Security Suite 4.2. New Junos Pulse Mobile Security Gateway 4.2 Features/Enhancements Server API Enhancements Functionality currently exists in the Junos Pulse Mobile Security Suite server APIs to create an enterprise and address the majority of settings available through the Junos Pulse Mobile Security Suite console. For service providers who plan to automate the creation of enterprises, it is required that all settings be available through APIs. Also, these same service providers require the ability to read current enterprise settings, and update enterprise settings through the API. Junos Pulse Mobile Security Suite 4.2 enables server APIs to support the creation, reading, and updating of all settings that are available currently through the Pulse Mobile Security Gateway console. For more information on server APIs, please refer to the Junos Pulse Mobile Security Suite API Guide. This feature is particularly useful for a service provider customer who has an existing order entry and provisioning portal through which enterprise customers purchase additional services, or one who has created a simplified portal allowing their customer support staff to create new enterprises when a customer signs up for service. New Device Profiles New device profiles are available in Junos Pulse Mobile Security Suite 4.2. New device profile settings which can be created include: Update schedule User interface mode Allows the appropriate administrator to define the UI mode settings in a security profile. Antivirus profile Enables administrators to define the antivirus settings in a security profile. Monitor and control profile Lets administrators define the monitor and control settings in a security profile. Mobile device firewall profile Allows administrators to define the mobile device firewall settings in a security profile Antispam profile Enables administrators to define the antispam settings in a security profile. SIM change profile Lets administrators define the SIM change settings in a security profile. Device profiles are associated with mobile devices. If a device profile is modified, the mobile devices associated with that profile are automatically updated. A default profile will be available and automatically associated with new mobile devices when they are added. Mobile devices existing when Pulse Mobile Security Suite is upgraded to version 4.2 will retain their existing settings, in read only mode, until the device is associated with a profile. Pulse Mobile Security Suite 4.2 provides a standard default profile that can be applied to new devices, assisting in getting new devices up and running quickly and simply. Administrators may also select multiple profiles to delete. There should always be an association with a default profile, and therefore, a default profile cannot be deleted. This feature also enables an administrator to select a list of devices to apply a security profile, as well as to un-assign devices from a specific security profile. 6

Support for creating new mobile device profiles has been included in the latest Junos Pulse Mobile Security Gateway console. The new device profiles are also supported by APIs, enabling integration by service providers. About Juniper Networks Juniper Networks is in the business of network innovation. From devices to data centers, from consumers to cloud providers, Juniper Networks delivers the software, silicon and systems that transform the experience and economics of networking. The company serves customers and partners worldwide. Additional information can be found at www.juniper.net. Screen shot of Junos Pulse Mobile Security Gateway New Profiles Junos Pulse Mobile Security Gateway Status Page Additions The status page in the Junos Pulse Mobile Security Gateway has been updated to display a variety of system status information for an administrator. This status page is available at the enterprise, partner, and root levels, with status information customized for each level. For example, the mobile handset count at the enterprise level will show only the number of mobile handsets in the system for that specific enterprise. However, at the partner level, the mobile handset count will display the total number of mobile handsets for all enterprises under that partner. This feature will help in diagnosing problems and troubleshooting situations where a Pulse Mobile Security Gateway administrator does not have access to tools other than the Pulse Mobile Security Gateway console itself. Corporate and Sales Headquarters Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA Phone: 888.JUNIPER (888.586.4737) or 408.745.2000 Fax: 408.745.2100 www.juniper.net APAC and EMEA Headquarters Juniper Networks International B.V. Boeing Avenue 240 1119 PZ Schiphol-Rijk Amsterdam, The Netherlands Phone: 31.0.207.125.700 Fax: 31.0.207.125.701 To purchase Juniper Networks solutions, please contact your Juniper Networks representative at 1-866-298-6428 or authorized reseller. Copyright 2013 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. 8000022-001-EN Jan 2013 Printed on recycled paper 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback