Juniper Networks is announcing an agreement with Symantec for software that makes sure remote machines meet security policies before they can access Juniper SSL VPNs.

Based on technology Symantec acquired when it bought WholeSecure earlier this year, the Advanced Endpoint Defense Module downloads a software agent to remote machines to scan them for malicious code such as Trojans, keystroke loggers and viruses. The software can also monitor remote machines during SSL sessions to make sure their profiles don't change to an unacceptable state.

Customers can use the software to create separate policies for separate groups. So it might be all right for IT staff to have key loggers on their machines, but not the marketing department.

The configuration software for the endpoint-protection software is tuned to check for certain specific security software running on the remote client. This feature is meant to save time. So if a customer wanted to check that a certain brand of anti-virus software was active and updated, they would just designate the software search for that brand. Before, customers would have to type in what specific registry checks to make to determine if the anti-virus is present, for instance, which called for more individual entries on the part of an administrator.

A 25-user Advanced Endpoint Defense Module ships standard with any of Juniper's SA model VPN gateways. If customers want more than 25, they can pay for more licenses. It costs $1,000 to cover 50 more simultaneous users and $30,000 for 2,500. The module is available now.