cancel
Showing results for 
Search instead for 
Did you mean: 

No launch WSAM button in portal with WSAM web resource profile mapped

SOLVED
Highlighted
Contributor

No launch WSAM button in portal with WSAM web resource profile mapped

SA 8.0R2 on MAG4610.

 

I created a web resource profile and under rewrite policy I set it to use WSAM.  SAM options on this user role are set to WSAM.  I set auto-launch SAM in the options but WSAM still doesn't launch.

 

When I log in with a user that has this profile mapped I don't get an option to launch WSAM.

 

If I change SAM options to JSAM I get a button in the portal.

 

This user I am testing with also has Junos Pulse configured.  Would this cause WSAM to not be available for any reason?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Regular Contributor

Re: No launch WSAM button in portal with WSAM web resource profile mapped

Yes I suspect Pulse client is establishing the VPN tunnel through Junos Pulse. To test if this is the case can you disable VPN tunneling option for this role?

 

Note: WSAM client is also folded into Pulse. So when you do above it will still appear as Junos Pulse Client and when launched it will provide WSAM functionality

View solution in original post

3 REPLIES 3
Highlighted
Regular Contributor

Re: No launch WSAM button in portal with WSAM web resource profile mapped

By 'folded' I meant WSAM as a feature/functionality has been included into the Junos Pulse client offering. So L3 VPN is a service offered by Junos Pulse client and similarly WSAM is another service offered by Junos Pulse client.  When both services are enabled (on same role or due to role merging) the L3 VPN service wins and is activated on client side (resulting in ignoring the WSAM server side config).

In your use case it may be better to not use WSAM at all (since you are already allowing a L3 VPN tunnel). For your Web Bookmark traffic to go through L3 VPN Junos Pulse client instead of the default access method (i.e. Web Rewriter) the config will be to add a Web Resource Profile and select the 'No Rewriting' option. Then add the destination to the split tunnel config of Pulse as well.

It would have been nice if Pulse could smartly consolidate the config the way you described however currently that is not available.

Highlighted
Contributor

Re: No launch WSAM button in portal with WSAM web resource profile mapped



@ ruc wrote:

Yes I suspect Pulse client is establishing the VPN tunnel through Junos Pulse. To test if this is the case can you disable VPN tunneling option for this role? 





That was it.  When I disable VPN Tunneling option on this role I get the WSAM shortcut.





@ruc wrote:

Note: WSAM client is also folded into Pulse. So when you do above it will still appear as Junos Pulse Client and when launched it will provide WSAM functionality





This makes sense as Pulse can provide the necessary L3 capability if you are authorized for Pulse (VPN Tunneling).    If I define web bookmarks or applications to use WSAM but deploy the Pulse client instead, will those WSAM based policies actually filter through the Pulse client, or would I need to still install WSAM and launch it outside of the portal (because there is no shortcut when Pulse is enabled) for those WSAM defined applications/web bookmarks to work?

In my situation, I allow Split Tunneling so I must define networks/IP's that go through the tunnel.  If my Pulse split-tunneling resource policy doesn't have a destination IP listed that is needed by a WSAM Web Bookmark, then the WSAM Web Bookmark wouldn't connect.   Any idea if the software is smart enough to catch this and warn me after I create the bookmar, or is this something I will just need to be aware of and manually adjust split-tunneling resources?


Highlighted
Regular Contributor

Re: No launch WSAM button in portal with WSAM web resource profile mapped

Yes I suspect Pulse client is establishing the VPN tunnel through Junos Pulse. To test if this is the case can you disable VPN tunneling option for this role?

 

Note: WSAM client is also folded into Pulse. So when you do above it will still appear as Junos Pulse Client and when launched it will provide WSAM functionality

View solution in original post