deedougie wrote:
Also I've heard that in OSX 11 will not allow allow unsigned kernel extensions. So please as long as Network Connect doesn't update, don't update to 10.11 !!
El Capitan does still allow unsigned kernel extension but like Yosemite you have to turn off requiring signed extensions. Wether this alone is sufficient you will have to try as I fortunately in my current job do not have to suffer Java based VPN client software.
Personally I regard all Java based VPN clients like Juniper as the work of cyber-terrorists.
I know why they use Java - because it allows an 'easy' way to push the entire VPN client and configuration to clients via a simple webpage but the stupidity of this approach is that it requires installing support for Java in a web-browser which is by far the most insecure thing you can do and I would say is even worse than (gag!) Flash. Because Java is cross-platform it means even Macs are then rendered as vulnerable as Windows PCs.
Due to this Apple do periodically send out updates to their XProtect list which disables Java completely until Oracle issue a new 'fixed' version. This can and has resulted in everybody losing the ability to access for example a Juniper VPN system for several days. The worst case I personally experienced was when Apple disabled Java on a Friday and because of a bank holiday it was a Tuesday before a fixed version from Oracle become available meaning four days downtime.
In case you are wondering what one should use instead, I would suggest using Apple's built-in VPN client. Both iOS9 and El Capitan now support as standard both Cisco IPSec (with certificates), and now IKEv2 (with certificates) clients. One can then push out configurations via a MDM solution. No need for messing about with Java and in theory an end to operating system updates breaking your VPN client each time.