Is IE 7 Limiting Remote Access SSL-VPNs?

Microsoft’s Internet Explorer 7 web browser has been generally available for nearly three weeks now.

Yet despite its availability and the fact that it was available in beta and release candidates for testing for an even longer period of time, IE 7 may well be presenting barrier to remote access via SSL-VPNs (Virtual Private Network).

SSL-VPN vendor Aventail issued a release this week claiming that they were the first and only SSL-VPN to officially support IE 7. SSL-VPNs are an increasingly popular form of VPN that typically only requires a web browser for a user to obtain remote access to enterprise network assets.

“Aventail has worked directly with Microsoft to understand the changes they have made in IE 7, as well as the further changes planned for Vista, and has modified our product appropriately,” Sarah Daniels, vice president of marketing at Aventail, told “Aventail was responsible for the testing to ensure that we are IE 7 compatible.”

When contacted by to comment about whether Aventail’s claim is accurate, Microsoft declined to comment.

According to Daniels, both Juniper and F5 sent announcements out to their customers telling them that their SSL-VPNs are not compatible with IE 7.

In a statement e-mailed to, a Juniper spokesperson noted that Juniper has been testing IE 7 beta and release candidate versions for several months.

“Juniper is now testing the final generally available build in its labs and in the field,” the statement reads. “Juniper will provide full support for IE 7 in maintenance releases for existing versions of its software in early December 2006.”

According to a report from research firm Gartner earlier this year, only Juniper and Aventail are ranked in Gartner’s leader category for SSL-VPN. Cisco was ranked as a “visionary.”

“So we know for sure that we are the first of the major vendors to have IE 7 support,” Daniels said.

There are numerous other SSL-VPN vendors in the crowded remote access space.

“It is possible that there is another smaller SSL-VPN vendor who has made the necessary changes, but that is quite unlikely,” Daniels said. “First, significant changes would have been necessary, and second, we have not seen any PR announcements. If another vendor had support, it would be a major opportunity loss not to broadcast it.”, in fact, was able to find a smaller SSL-VPN vendor that claims to support IE 7, SonicWall. In a study last
year conducted by SonicWall, 80 percent of respondents thought that current SSL-VPN solutions were too expensive.

“SonicWALL SSL-VPN does support IE 7 and has done so since IE 7 was first introduced several months ago,” Mary McEvoy, director of public relations at
SonicWALL, told

She added that SonicWALL tested the betas and early releases as well as the official shipping version of IE 7.

At the heart of the issue of why IE 7 isn’t supported on all SSL-VPNs by default are a number of the security changes made by Microsoft to the browser.

“With IE 7, Microsoft has made some changes to tighten up its OS security,” Aventail’s Daniels noted. “That has affected the various agents that SSL-VPN vendors provision to users’ devices for both health checks of the device and connecting to corporate resources.”

“If an SSL-VPN is not compatible with IE 7, the end user of a device with IE 7 will not be able to use the VPN to connect to their resources.”

News Around the Web