New Hardware: MAG2600 Junos Pulse Gateway 28

The March pricelist (available to partners/resellers) is out and with it brings the MAG2600!  Okay, so the MAG2600 has actually been available since November as the Enterprise Guest Access (EGA) solution, but now it has moved over to the SSL VPN as well.  And that was the plan all along: build one box that could serve both UAC and SSL VPN modes of operation (just not at the same time).

FAQ:  Does this replace any existing hardware?
Answer:  You bet it does!  It immediately replaces the SA700 appliance and even the SA2500!  (although those models are still available as well if you want to go with those instead)

Built to handle 100 concurrent users and roughly about the size of a brick, this small footprint appliance is poised to quickly overtake the SA700 and SA2500 products.

Building on top of the new Common Access Licenses for the X500 series hardware, you will also find the X600 series hardware licenses are now available.  If you want to go with one of these appliances (an what SMB customer wouldn’t?), here’s all you need to know:

Software: Runs IVE 7.1 or higher (sorry, no backward compatibility on the software)

Hardware: MAG2600 (Just one is needed, but feel free buy as many as you like)


Single Appliance Licenses (stackable up to the maximum of 100 concurrent users, of course)
MAG2600-LICENSE-MBR (allows a single MAG2600 to obtain leased licensing from the optional enterprise license server)
Bulk Enterprise Leased Licenses (installed on the optional license server for leasing to multiple X600 appliances)

Leave a comment

Your email address will not be published. Required fields are marked *

28 thoughts on “New Hardware: MAG2600 Junos Pulse Gateway

  • Matthew Elmore

    What’s the advantage of the MAG2600 over the SA700?

    Does it still have a traditional HD or is it all non-volatile parts now?

    Are there any features lost (Network Connect, for example)?

  • KevinPeterson Post author

    Overall the MAG2600 is a more capable box with scalability across both the SA700 and the SA2500 ranges. The SA700 actually started off as the RA500 and has lingered just about as long as it possibly could. The SA700 is now a big target for EOL (end-of-life).

    It does have a traditional HD. We looked at the SSD options but just decided they were not cost effective enough. A nice luxury, but really not required in any meaningful way.

  • Chris


    How about the Secure Meeting license when used on MAG2600? I don’t see a SKU in the price list for it, just on the SAX500 appliances.

  • KevinPeterson Post author

    Secure Meeting is undergoing some slight…shall we say…tweaks?. Anyway, one of my colleagues is working on it now and we should have some updates in the next 45 days or so. In the meantime, Secure Meeting on the SA4500 and SA6500 will do the trick and I suspect there will be many customers going forward who will just use those appliances as dedicated Secure Meeting servers.

  • PBB

    Hi Kevin,

    Can the MAG2600 act as a license server? If so, would it be able to hand out ACCESSX500-ADD-* licenses to SA4500’s, eg? Thx!

  • Tobias Glasow

    Hi Kevin,

    what about A/P Clustering with the MAG2600?

    As far as i can see, it does *ALL* a SA-2500 does, like

    – acting as a license server
    – having all SSL-VPN features on it (except secure meeting)
    – working with up to 100 concurrent users

    So, why should we continue to offer/use sa-2500? or is there really no need to do that?


  • KevinPeterson Post author

    It will support A/P and A/A clustering (A/A with an external load balancer), but worth noting is that the latency requirements are <= 150ms so multi-site WAN clustering should probably be avoided. In fact, we are not even going to claim multi-site support on this one.

    We expect that SA700 customers will immediately favor this appliance and even SA2500 customers will start moving in this direction rather quickly.

  • Tim

    I see conflicting information depending on if it is the Juniper site, your site, other web site and resellers. Is the MAG2600 like a SA 2500 and does it do SSL VPN access (web portal) for our remote workers? I need to support our remote employees who can’t load software on their customer located systems. They have been using a SA device for web portal and VPN but our group is breaking off onto a seperate network.

  • KevinPeterson Post author

    The MAG2600 is indeed on par with the SA2500, only newer. It runs the same software, which is where all the features reside.

  • Chris

    Given the small size of this unit, do we have a rack mount kit for it? I don’t see anything in the price list to that effect.

  • KevinPeterson Post author

    We are working on one, but it will likely not be available before July.

  • IHE-FR

    Hi Kevin, concerning A/P clustering with MAG 2600 boxes, will it be available soon ? and how will work the licensing ? Like on the X500 boxes with special SKU ? We want to upgrade some customers using SA700 to A/P clustering. Thanks in adv, Regards.

  • IHE-FR

    Thanks a lot Kevin for the link (and … sorry for asking an already answerd question :-) !

  • Joe

    We have a Netscreen SA1005, although system maint – platform shows SA-2000, running software ver 6.0R12.

    We use the following heavily. Are they all supported on the MAG2600, or should we get the SA2500?

    1) Windows File Bookmarks – UNC to share
    2) WSAM – port 3389 only for RDP
    3) Terminal Services – Uploaded ICA for Citrix
    4) Intranet Web Links
    5) Support Meeting – Win XP thru 7

    Only reason we need to upgrade is for home user 64bit OS support.

    A) Does the MAG2600 have all the above and 64bit Home and Pro support for WSAM?

    B) Is the SA2500 being replaced by the MAG2600?

    C) We have been told by two different Juniper reps something different in regards to the web GUI. Is the GUI on the MAG different for admins / End Users vs the SA1005 / SA2500?

  • KevinPeterson Post author

    Joe — The software is the same across all the platforms and none of the features mentioned have been deprecated, so you shoudl be all set to go with the MAG2600. The admin and user experience will be the same.

    The MAG2600 is most definitley designed to be the next generation replacement for the SA2500 as well as the SA700.

    To migrate from hte SA1005 you just need to load 7.1 (the last version that will run on it anyway), export the configs, and then import them into the new appliance, which will of course also be running 7.1.

  • Oliver

    Hi Kevin,

    I use a SA2500 without a additional userlicence, because there are 2 user incl. the base licence sonce IVE 7.x.

    Do I have the same 2 users with a MAG2600 without additional userlicence?

    I know that Juniper like all other vendors live from selling userlicences and give the hardware for less.
    But I m the smalest Reseller and need a unit for my lab.

    The box I could buy over PPC, but the the add user licences are to expensive for me.

    Thank you for an answer


  • KevinPeterson Post author

    All of our appliances come with at least 2 users. 1 is there because you have to be able to log in as an admin and the other(s) because we want customers to be able to try it out with a few users even when no licenses are installed. We also have the virtual appliances (free) on the support site.

  • John Cloutier


    I am just firming up your reply above about the MAG2600 appliances coming with at least 2 users. I have had various opinions from differnt sources with both yes and no answers. I know you are the king when it comes to this product but is there anything on paper that state the base licenses with the MAG?



  • KevinPeterson Post author

    Yes, they all ship with 2 users. We have to have that in order for admins to be able to log in and perform the initial configuration and user test, even if the licenses haven’t been loaded.

  • FrankO

    Kevin, I thought licneses are sharad accross SA/MAG clusters now , eg, one 50u licenese on the primary of a MAG2600 A/P cluster is all that is required to provide 50u concurrent on the primary, or 50u to the secondary if failover occurs?

  • Jack Bloom

    I realize I might be asking an obvious question. Does that device include everything it needs to operate standalone? Do I need some kind of access control server/appliance, or I can only buy this device with user licenses and operate it apart. Thanks

  • Josh Cullum

    Hi Kevin,

    Sorry to ask the dumb question.

    We have currently got an SA4500 with IVS, we supply SSL-VPN as a service when an organisation buys a VPS from us, we then setup a virtual system, such as organisation A, and assign it to a specific internal vlan,, with an assigned external virtual port, and a public ip address. Now we then sell the same to organisation B, who has another assigned specific Internal vlan,, with another assigned external virtual port and a different public IP address, to keep both organisation SSL-VPN’s separate. This allows them to access the management ports (22,21 etc) only through their SSL-VPN.

    The question is this., to replace the hardware (as we are into our hardware refresh period), would we be able to replicate this on the MAG2600, (Obviously not quite the same way as IVS isn’t support) or would we have to buy an SA virtual Appliance that could run on XenServer?