I have the SA700 device deployed in my organisation. I am trying to configure users connectivity using the Junos Pulse. The optoins which appear on teh Pulse client indicate if IC or SA/Firewall. I chose the ICor SA option, entered my username and the IP address in the URL section. However when I try to connect it toggles between waiting to connect and connecting, and I am never connected. Could you pleease provide guidance where I am going wrong.
In the SA700 I created a user profile, assigned it to the User group, however where do I go to force the user to use the Junos Pulse as oppose to the Network Connect
On the user roles - general tab where you enable Network Connect you should be able select whether they use the NC or Pulse client. I am assuming that the interface for the SA700 is the same as the other SA boxes.
Based on your experience, I have users who will be connecting from their home pcs, their corporate laptops when travelling and maybe a few from kiosks when travelling on business. Is it best to place the hostchecker at the user realm or the authentication profile.
In addition is split tunneling safe to activate.
1- Well host checker must always be enabled at the user realm level to use it at all. The question is when is it enforced. Not sure what you mean by placing it at the authentication profile. When you enforce HC at the user realm level you can of course use to deny login rights based on failure. You can also use it for role mapping - IE assigning the reqisite role right up front based on HC results. I like to do HC at the user realm level myself.
2- Is split tunneling safe to activate. Well that would depend on your desired security state when people are on your network. Obviously if you disable split tunnels then all traffic is forced through the SA box and the chance of someone being on a bad site and pulling in a virus or whatever and infecting the corporate network are less, but of course they could pick up a virus before they ever login. So no straightforward answer to that one.
what does your user access log show?
the sa700 interface is identical for this config (there are some differences in what is enabled as far as features, but it is identical where it matters): on the role, choose pulse or network connect.