Showing results for 
Search instead for 
Did you mean: 


meftahur rahman_
Occasional Contributor


Hi guys,

I am in a bit of fix here with JSAM.I have joined as a VPN admin in a company and they use juniper ssl VPN's.I am having a problem understanding what JSAM is.
In a standard juniper document i found the following details:

The Java version of the Secure Application Manager (J-SAM) provides secure port
forwarding for applications running on a remote machine. J-SAM works by directing
client application traffic to the J-SAM applet running on a client machine. The IVE
assigns a unique IP loopback address to each application server that you specify for a
given port. For example, if you specify:,,
and for a single port, the IVE assigns a unique IP loopback
address to each application:,, and respectively.

I did understand what basically JSAM does (reverse proxy) but i didnot understand what those loopback ip's the document says about and why the loopback ips are used?

Can someone describe in lay man terms how the whole JSAM thing works (with these loopback ip's).
I will be very thankfull to anyone who gives an answer.
Frequent Contributor



Does this help? "The JSAM applet works by creating a mapping the FQDN of the server to a loopback IP (127.0.x.x). When the user attempts to connect, the local IP is returned for the resolution" = KB19776.

So when the app stream is redirected to the loopback IP, JSAM will then route the traffic via the SSL tunnel for delivery to the SA/Server.

Frequent Contributor


Hello Meftahur Rahman,

JSAM stands for Java Secure Application Manager.
When we say Java, we are basically talking about Java Applets here.
How does JSAM function?
- Remember, there is already a SSL tunnel between the client and the IVE.
- For example: If the IVE is configured for users to access via JSAM, then when the client access the IVE
and launch JSAM, the following happens:
- JSAM will now immediately modify the computer "host file" and add the is on 127.0.1.X loopback IP
- JSAM also will do a backup of the "original host file" on the client machine.
(You can see this when you go to C:\WINDOWS\system32\drivers\etc location after launching JSAM)
- Now, when a user hits, the computer will try to do name lookup and it will check the "host file" where, it has
the entry saying, needs to be reached through 127.0.1.X.
- The browser sends the traffic to the JSAM java applet listening on this loopback IP and that traffic is forwarded /
tunneled to the IVE using the inital SSL connection to the IVE which the client already has with the IVE over port 443.
Hope the above helps you.

Please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks