I have set up a little test environment. I have a Juniper SA 2500 enabling JunOS Pulse access to clients. The clients obtain addresses inside their own network defined as a VLAN on my SA.
I have my internal management interface on the same port of the SA. I have set it up as the native VLAN on my firewall, so management traffic won't get tagged.
Everything works. I'm just a little worried about the fact that my JunOS Pulse clients are able to manage the Juniper SA via the IP-address of the defined VLAN.
Is there any way to prevent this access other than limiting management to specific source IP-addresses?
Thanks for the quick reply. I thought I could only deny/allow traffic from specific host addresses, but it turns out that I can specify whole networks.
I had to reboot the SA for the filter to take effect. Disconnecting Pulse wasn't enough.
So this is perfect. Now I can play some more with VLANs. ;-)