Just upgraded to the latest 6.5x version and noticed a new "Feature" Pop-up Setup Control - Warning. Anytime a Juniper executable gets loaded the user gets a popup warning with Always, yes and no. Although its nice to warn users, is there anyway to disable this feature? Aside from preloading the Trusted Server List to users.(KB15208)
No, there is not an option to disable the whitelist security feature, besides loading a file on the client before hand (as you have mentioned). This is a security feature that was added to protect users.
everytime the user logs in? i thought that would only pop up when the user initially installs the applications but that happens everytime the software (NC/HC) gets loaded? hell...
If the user clicks 'Always' the server gets added to the user whitelist and they will not receive the pop-up in the future for that server.
Yea. The pop-up appears for Each of the Modules too. HostChecker, Juniper Installer, NC, etc... One warning for all should be enough. We usually prefer to minimize the user intervention. Especially with Windows 7, it has enough popup warnings itself.
You can predeploy the whitelist.txt. We did this and it worked well. Only problem is it needs to go in the users app data folder. We automated this by using a wise script.
The script goes to the registry and pulls the APPData value:
Then you write the whitelist.txt file to:
This should eliminate the messages. If you're willing to give me the hostnames of your IVE's I can customize a install for you.
You can predeploy a whitelist file to the %ProgramFiles%\Juniper Networks\ folder
Check out the Trusted Server List section in the admin guide.
Thank for the suggestions in populating the whitelist for each client. My problem with that is that my users are mostly non-employees, so its's not as easy to deploy mods to their pcs. The other problem is that the user needs to really attempt to connect to the ssl vpn first in order for all the Juniper Directories to get created under the Users profile.
I think all of this effort really defeats the purpose of the SSL VPN process being "clientless" and not having to preload/maintain anything on the client pc.