Re: Juniper and Worksite Web

tmull60_ · ‎08-19-2011

Has anyone configured Worksite Web access through Juniper.

It is a document review tool for our DMS. I have it setup as a web bookmark using the web policy. I can access the site and log into it from outside using Juniper, but when I try to download documents it fails stating it cannot access the host server.

The policy allows access to the servers so i am not sure why it keeps failing.

Kristof_ · ‎08-20-2011

Can you add some screenshots?

Is reachability ok via the troubleshooting tool?

Is there a FW between your SSL box and your App Servers?

In the end the app might not be supported by Juniper though but these were the first questions that popped up in my mind ...

Thanks,

Kristof

kenlars_ · ‎08-20-2011

I've seen symtoms like this be resolved by changing caching parameters. Probably be able to give you more specific advice if you attach a screenshot of the error message.

Ken

zanyterp_ · ‎08-22-2011

I have seen it work, but not sure about the file download error. Does the error give you the full URL that it is trying to match against/can't connect to...is it your IVE or the backend server as the hostname? If the latter, there is a rewriting problem, what does your policy trace show for web rewriting? If the former, try using "unchanged" or "remove cache control: no-cache|no-store" for the site.

tmull60_ · ‎08-24-2011

I am connecting to the backend server using the IP and not a URL. When it attempts to download it uses additional ports so it may be my firewall blocking those. I am working with my firewal team so if that does not solve it I will post a screen shot.

The URL is the same as what I see in the main web browser so it is not trying to hit another server.

JTAC wants me to use JSAM or WSAM to connect, but those also failed so I think it is my firewall.

zanyterp_ · ‎08-24-2011

Based on what you said, I hope your firewall team can help find the issue and show the blocks on their side. If they need additional help with seeing it is on their side, a TCP dump on the IVE internal port may help as it will show the requests leaving but nothing coming back (more difficult if it is HTTPS protected; but can be done). When you tested through SAM, you launched the application in a new browser rather than using the bookmark, right? (to confirm it is a connection outside the IVE rewrite session)

tmull60_ · ‎09-14-2011

I was able to track down the cause. I was using the IP address of my web server within the web resource policy. I put a host entry for the host and change the policy to use the URL of teh server instead usign the FQDN. That worked and I coudl download documents.

However, I am now running into another issue where it just downloads a file that has all Juniper junk inside of it. When i try to open it it state Missing File: c:\dana-ns\css\ds.css. The files will not open as a result. Any thoughts on this one?

I found the article talking about the issue being caused by the certificate not coming from a trusted source, but that did not resolve the issue.

zanyterp_ · ‎09-15-2011

I'm not sure; I've yet to encounter that.

What's your caching policy look like? If you are not using "unchanged" or "remove cache control: no-cache|no-store" can you test with either of those?

If not, then the best bet will be to move forward with a JTAC case (please provide the logs here to help expedite the issue).

tmull60_ · ‎10-04-2011

I uploaded logs to JTAC, but they are unable to find the cause. They asked me to upgrade the OS to 7.1R4, but that didn't make a difference.

The odd thing is that if I use Firefox, I can download the content without an issue. The problem only occurs when using IE. I think it is the re-write, but I do not know the exact policy I should put in place to correct it. Hopefully, JTAC can work it out unless someone else has seen this.

zanyterp_ · ‎10-05-2011

I haven't seen this specifically, no, but because the two browsers handle the sites differrently, it doesn't surprise me much.

Were you able to provide both IE & Firefox logs to JTAC?