We recently got MAAS360 and now we can check in so to speak, our ipads and tablets. What we do is push then the Maas360 App and they have to have it to connect to our VPN SSL. That all works great, but if somebody knows the url to go to for our VPN and download Junos Pulse they can get in without having Maas360. We want to stop that and only allow users that have Maas369 installed.We have a (SA 2500 witn 7.1 R5 Build 19757 installed) and I see that I should be able to look for a process or a file but it also looks like it only works for Windows Mobile or Desktops. I also seen I can look for a certificate but not sure if that will work or not. We can push certs with the Maas360 but I am not sure if this is the best way or I am missing something in the SA-2500.
Anybody know fo a better more secure way?
thank you zany, one question though, where does the certificate come from? does the appliance produce it or buy it though a third party?
You can use a windows cert server to generate the client certificates or you can get it from a public CA .Certificate authentication needs to be set up on the SA to allow client certificates to be validated
The certificate that you are pusing to the client needs to be a personal/user certifcate
Client-Side Certificate Authentication is definitely a good start...as long as its working. I dont get it working on my Android Devices though. On Apple-Devices no problems.
You can just use openssl under linux to create and convert your certs and keys.