Juniper Networks Odyssey Access Client
802.1X Network Access Security Products

• Microsoft^®Windows^®XP, Windows 2000, and Windows Vista^®operating systems
• Windows Mobile^®Professional, Windows Mobile, Windows CE, and Windows Mobile 2003 for Pocket PC
• Red Hat^®Enterprise Linux^®(RHEL)
• Apple^®Mac OS^®operating system software

Please note that supported features will vary between different OAC editions for specific platforms. For details on supported features by platform, please consult the specific OAC edition’s documentation, which may be found at www.juniper.net/customers/support/.

• EAP-TTLS¹
• EAP-PEAP¹
• EAP-TLS¹
• EAP-FAST and LEAP
• EAP-SIM²
• EAP-AKA²
• EAP-POTP²
• EAP-MD5³

OAC also supports advanced encryption protocols, including Wi-Fi Protected Access (WPA) and WPA2.

• Supports the most EAP types in order to support the authentication protocol or protocols that best address your network security needs.

Seamlessly enables all of the benefits of EAP, including:

• Credential security using Transport Layer Security (TLS) for cryptography
• Data privacy
• The industry’s strongest available encryption of data communicated wired or wirelessly across all platforms.

• Client lockdown, which prohibits a user from editing or modifying any administrator-defined WLAN or wired 802.1X connection or setting.
• Additional entries for home networks or hotspots can be defined, but only with the appropriate organizational permissions.
• Restricts users who are not credentialed administrators from disabling or exiting—essentially turning off—OAC via the OAC system tray icon by hiding the right-click “Exit” menu entry; or the OAC adapter selection checkbox in the Wi-Fi window of the Odyssey Access Client Manager.

• Ensures that the client remains in complete, constant compliance with your organization’s access and security policies.
• Makes sure that a user cannot accidentally or purposefully disable or exit OAC.

• Compatible and integrates seamlessly with UAC, Juniper’s comprehensive NAC solution.
• Includes an enhanced user interface with additional elements that become active only upon connection and interoperation with UAC, creating a complete network and application access control solution.
• Administrators can use Odyssey Client Administrator to generate a configuration file and upload it to IC Series Unified Access Control Appliances at the heart of UAC for delivery with the client package (MSI).

• A single OAC client works for both wireless and wired network access
• Works with any 802.1X-compatible RADIUS server
• Supports multiple adapter cards simultaneously

• Chinese (Simplified)
• Chinese (Traditional)
• French
• German
• Japanese
• Korean
• Spanish

• Localized versions enable organizations with users for whom English is not their native language to use OAC effectively.
• Enables the deployment of secure wired and wireless connectivity and control across worldwide organizations and enterprises.

• Embeds enterprise settings, certificates, and permissions into a custom installation package for initial deployment.
• Automates client distribution via integration with common enterprise deployment tools, including Systems Management Server (SMS).
• Command line export to script preserves network configurations across installs and uninstalls.
• XML-based scripting language automates distribution of settings.
• Single, unified installer provides a simple, integrated way to install any OAC edition.
• Can be installed as a background task with no user interaction required through silent installation option.
• Can implement a hidden registry setting that is checked when any upgrade occurs, enabling machine account networks, profiles, and auto-scan lists to be merged during an upgrade to preserve existing configurations.

• Straightforward user interface includes at-a-glance connection information and status.
• Provides uncomplicated yet comprehensive user controls.
• Auto-scan lists for most platforms allow the user to associate with any network listed.
• Self-administrating, requiring no user interaction.
• If desired, client stealth mode can hide icons and splash screen from users.
• Enables users to move seamlessly between different networks (home, office, hotspot, other).

• One client supports wired and wireless 802.1X deployments simultaneously.
• Common user interface look-and-feel, terminology, and feature sets across all of OAC’s supported OS platform versions.
• User experience can be customized, if desired.
• A common tool is used to administer and provision clients across all supported OS platforms and editions.

• Offers enhanced troubleshooting capabilities, including comprehensive debug logs.
• Includes a scan airwaves tool for enhanced network planning and troubleshooting.
• Log to File gathers information useful to technical support staff and network administrators; logging levels are controllable via the user interface.
• Trace and debug logs are accessible and configurable from the Odyssey Access Client Manager.

• Simplifies network diagnostics and troubleshooting, reducing problem diagnosis time to decrease support costs and increase productivity.
• Access, configure, search, and save trace and debug logs, saving support and troubleshooting time.

• Exercise complete control over secure, safe, and appropriate network connectivity.
• User interface permissions provide uniform enforcement of security policies.
• Preferred networks feature allows administrators to configure networks for users in priority order, associating with a higher priority network when users are in range.
• Preemptive networks feature allows administrative configuration of priority networks to which users can be associated when they are in range.
• Wireless suppression restricts a user’s wireless connectivity when their endpoint device is connected to a wired network.
• No default connection restricts user connectivity to an available network as a default state.
• Prevent users from deselecting OAC as the default wireless access client for a chosen wireless adapter.
• Increase compatibility with third-party wireless applications by enabling the application to temporarily disable OAC when the application needs to operate or transmit.
• Restrict the length of time that a temporary or “scanned” wireless network may remain configured in OAC; or enable OAC to “forget” the network ever existed.

• Ensures across-the-board enforcement of an organization’s security and access policies, and ensures that users are connected to the appropriate network in the appropriate manner, restricting their connectivity in select situations to specific offering(s).
• Increases compatibility with third-party wireless applications, enhancing usability and saving administrative or helpdesk calls and time.
• Delivers additional protection, to assure that users and devices cannot inadvertently or intentionally connect to networks that should not be trusted.

• Supports Microsoft Windows Graphical Identification and Authentication (GINA) and Novell® NetWare® login.
• Delivers machine authentication support.
• Provides single sign-on (SSO) support for Microsoft Windows and Novell environments.
• Login names can be automatically provisioned.
• Supplies automatic login scripts.
• Simplifies connection from “wireless only” devices.
• Prompts user for user name.

• Significantly improves and simplifies network connectivity while ensuring network security, and improves administration processes.
• Prompt for user name and automatic login scripts ensure the secure use and connection of a single device employed by multiple users as well as enabling easy background access by network managers.

• Incorporates the Odyssey Security Component, a cryptographic module that is Federal Information Processing Standard (FIPS) 140-2 Level 1 validated by both the National Institute of Standards and Technology (NIST) and the Canada Communications Security Establishment (CSE), Canada’s national cryptologic agency.
• Evaluated and certified for conformance to the Common Criteria (ISO/IEC 15408), the international security standard, and has been awarded an assurance level of EAL 3 Augmented ALC_FLR.2; claims being validated include the U.S. Government Protection Profile for Wireless LAN Clients for Basic Robustness Environments. (Please contact Juniper Networks for the version number of the evaluated client.)
• Supports xSec for more robust, government-approved encryption, using AES for in-transit data when operating over Microsoft Windows Vista and with 802.11 adapters and drivers.
• Compatible with U.S. Department of Defense (DoD) Common Access Card (CAC) standards and certificates.
• Conforms to NIST and DoD guidelines for the use of 802.11i and TLS-based EAP methods.

• An 802.1X client (supplicant) that meets stringent government IT and communications requirements, OAC FIPS Edition incorporates the Odyssey Security Component, a cryptographic module that is FIPS 140-2 Level 1, Certificate #569 validated by NIST and the CSE, Canada’s national cryptologic agency.
• OAC FIPS Edition has been evaluated and certified for conformance to the Common Criteria (ISO/IEC15408), the international security standard. The claims being validated include the U.S. Government Protection Profile for Wireless LAN Clients for Basic Robustness Environments. OAC FIPS Edition has been awarded an assurance level of EAL 3 Augmented ALC_FLR.2. (Note: Please contact Juniper Networks for the version number of the evaluated client.)
• OAC FIPS Edition is also compatible with the DoD’s CAC standards and certificates.

• Want or must deploy secure, scalable wired or WLAN access based on the open 802.1X and 802.11i security standards
• Must meet stringent encryption requirements stipulated by the U.S. government.