
Conducting Vulnerability Scans on VPN Sub-nets

wrap2tyt_
New Contributor

Good afternoon all,

This is my first post to this community and I hope this is the place to get help. I'm the information security engineer for my company and I'm trying to find instructions for how to conduct vulnerability scans of host computers connected over VPN, and we are using the SA4500 series devices. The current issue is this: my scan engine can "see" the computers that are connected, but cannot\do not get an authenticated or credentialed scan.

So my question is how do I get the 4500's to allow these hosts to be scanned? If I had this information\documentation I could pass it on to the admin for these systems so that we can get this fixed. I don't like telling someone to fix something without at least trying to find a remedy for the problem.

Any assistance will be appreciated, thanks in advance!

filbert_
Frequent Contributor

Re: Conducting Vulnerability Scans on VPN Sub-nets

I think you need to provide some more details in order to get an answer. What type of VPN client is being used? What do you mean by "you can see the device"? Can you ping a user's device that is connected by VPN? What protocol is being used between the scan engine and the user's PC? etc.

wrap2tyt_
New Contributor

Re: Conducting Vulnerability Scans on VPN Sub-nets

Thank you for your response. When I said that I can see the hosts, I mean that when I go to review the scan results I can see every host that was logged in and scanned. I can see the hostname of the computer and the IP obtained for the LAN segment that it connected to. I can determine the date\time all of this took place; the only problem is that something is preventing my scan engines from authenticating to the hosts on VPN LAN segments.

As for the client information:

Junos Pulse ver 3.1
Version Details
Junos Pulse    3.1.3.31097
Junos Pulse 802.1X Connection Method    3.1.3.31097
Junos Pulse Connection Manager    3.1.3.31097
Junos Pulse Connection Store Service    3.1.3.31097
Junos Pulse EAP Service    3.1.3.31097
Junos Pulse EES Service    7.3.3.31097
Junos Pulse Integration Service    3.1.3.31097
Junos Pulse Gateway Connection Method    7.3.3.31097
Junos Pulse User Interface    3.1.3.31097
Juniper Network Agent    5.31.3.29839
Juniper Networks TDI Filter Driver    7.3.0.29921
Junos Pulse Core Service    3.1.3.31097
Junos Pulse TNC Client    7.3.3.31097
Junos Pulse Tunnel Manager    3.31.3.31097
Junos Pulse VPN Connection Method    3.1.3.31097
Application Acceleration    6.2.1.13420

 

Thanks again for your response.