I am posting here because the technical support of my University where this VPN is deployed at enterprise level has been completely unable to provide timely (as in, any) assistance with the following problem. Moreover I probably know more about IT than the tech support monkeys (I do it for other clients as a Postdoc in Comms). If I can troubleshoot it here, I can help my University sort this mess out for all Mac users.
I am unable to get Junos Pulse working on Mac OS 10.10.4 running Safari 8.0.7 or Chrome 43.
10 Upon successful login to vpn.umontreal.ca I click START for JUNOS PULSE as directed.
20 The page says "Please Wait. Launching Junos Pulse [...]
30 The page brings me to a screen saying:
"In order to continue the operation you need to install a setup client. Please click here to install setup package. Once the setup client is installed, please click here to continue."
40 I have already downloaded and installed the setup client. Clicking HERE TO CONTINUE brings me back to the Launch Junos Pulse screen. I click that. GOTO 10.
EOS; BAD INFINITY.
I have followed all instructions provided by my Uni—
http://www.dgtic.umontreal.ca/reseau/vpn.html http://www.dgtic.umontreal.ca/documents/VPN_Mac.pdf (note this still says "Network Connect!")
* the Juniper Networks client has been installed. Files are located at: ./Library/Application Support/Juniper Networks
* Java has been updated
* client permissions on Safari have been set to allow for Java access
A couple of points:
(1) It appears that no actually executable app software, at least under /Applications, has been installed. Just files under Application Support.
(2) The downloaded client installer JuniperSetupClientInstaller.dmg provided by my University contains three packages:
JuniperSetupClient.pkg (3MB) — INSTALLS "Juniper Networks" folder under ./Library/Application Support, with JuniperCompMgr, JuniperSetupClient, JuniperSetupClient.ini, and juniperSetupDll.dylib, and two empty subfolders, DSCOMPMGR_LOCK and DSSETUPCLIENT_MUTEX
SetupClientPostflight.pkg (37KB) — INSTALLS NO FILES
SetupClientPreflight.pkg (37KB) — INSTALLS NO FILES
So, has this Junos Pulse client been configured properly for distribution? Or is it missing something (ie the application itself)? Are there plugins settings that need changing in Chrome/Safari for the VPN software to execute properly?
Any assistance greatly appreciated & thanked with virtual donuts, gracias.
Have you tried launching directly from Pulse? Setup client is only required to launch via a web browser.
You will need to take special consideration when launching via browser since we utilize Java. Since Chrome has blocked the java plugin, this will no longer work. If you are utilizing Safari, you will need to ensure to change the security setting for Java to run in "Unsafe mode" for the VPN url.
The following steps are stated in the known issues for Mac OS X 10.9:
Safari and the kernel implement some checking for additional security and after exactly 2 minutes and 1 second of Network Connect being active the connection is dropped because of the fact it does not pass security.
The only way around this is to use chrome and reanable NPAPI support inside of chrome://flags. NC then will work some times....mostly occasionally it dies and causes java to consume 100% of CPU.
This of course will only work till December 2015 when chrome will be completely dropping java support. This is the same for microsoft with Edge. Firefox also does not work as it does not pass hostchecker in 10.10. I've seen some random reports that opera may work. Seems we are searching for a browser to support a legacy software solution.
Noting that Pulse also does not support windows 10 browser support and the recommended solution for windows 10 is to install ie11 just for this.
Although I have a network connect that works I've tried using Secure Connect client and it does not connect. I'm not sure if there is some SA gateway configuration that is required for Secure Connect versus NC.
Thanks for replies here. Since writing this post, I came to the same conclusions as Brad. Juniper/Pulse uses deprecated NPAPI protocol. It is insecure software that is effectively obsolete.
Unbelievably, this dated and insecure software is still being used in large-scale institutional settings such as Universities. I've spoken to my University's IT Dept (Université de Montréal) and they are completely unaware of these issues, which is insane given that NPAPI has been on the deprecation list since at least 2012 (it's fairly evident they have no idea what they are doing and have just been sold a client package; the real issue here is PulseSecure, which should be updating this roll-out package immediately).
There is no fix or workaround. I have manually disabled NPAPI in several browsers but this is an insecure "solution". The only real solution is to release a new version of Juniper/Pulse that doesn't use NPAPI/Java.
Large-scale VPN implementation is effectively broken using Juniper/Pulse until it is recoded to use an alternative framework.