cancel
Showing results for 
Search instead for 
Did you mean: 

Mobile Access and Security

scoutt_
Contributor

Mobile Access and Security

We recently got MAAS360 and now we can check in so to speak, our ipads and tablets. What we do is push then the Maas360 App and they have to have it to connect to our VPN SSL. That all works great, but if somebody knows the url to go to for our VPN and download Junos Pulse they can get in without having Maas360. We want to stop that and only allow users that have Maas369 installed.We have a (SA 2500 witn 7.1 R5 Build 19757 installed) and I see that I should be able to look for a process or a file but it also looks like it only works for Windows Mobile or Desktops. I also seen I can look for a certificate but not sure if that will work or not. We can push certs with the Maas360 but I am not sure if this is the best way or I am missing something in the SA-2500.

Anybody know fo a better more secure way?

5 REPLIES 5
zanyterp_
Respected Contributor

Re: Mobile Access and Security

You are correct, you cannot do a file or process check on ios devices. The certificate check is your best bet _as long as_ the only for users to get a valid certificate for pulse-based access is through the enrollment process (meaning that they can't use the one from their desktop to pass).

In 7.2 you can also do a certificate check through the mobile host checker policy for additional verification
scoutt_
Contributor

Re: Mobile Access and Security

thank you zany, one question though, where does the certificate come from? does the appliance produce it or buy it though a third party?

jayLaiz_
Super Contributor

Re: Mobile Access and Security

Hi,

You can use a windows cert server to generate the client certificates or you can get it from a public CA .Certificate authentication needs to be set up on the SA to allow client certificates to be validated

The certificate that you are pusing to the client needs to be a personal/user certifcate

Regards,

Jay

rdit_
Regular Contributor

Re: Mobile Access and Security

Client-Side Certificate Authentication is definitely a good start...as long as its working. I dont get it working on my Android Devices though. On Apple-Devices no problems.

You can just use openssl under linux to create and convert your certs and keys.

scoutt_
Contributor

Re: Mobile Access and Security

Thanks Jay and rdit, I will look more into it.