Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Pulse Connect Secure / Mac OSX / Java

slackerofthemind
Occasional Contributor
‎07-20-2015 06:14:PM
‎07-20-2015 06:14:PM

Pulse Connect Secure / Mac OSX / Java

hi folks,

I am posting here because the technical support of my University where this VPN is deployed at enterprise level has been completely unable to provide timely (as in, any) assistance with the following problem. Moreover I probably know more about IT than the tech support monkeys (I do it for other clients as a Postdoc in Comms). If I can troubleshoot it here, I can help my University sort this mess out for all Mac users.

I am unable to get Junos Pulse working on Mac OS 10.10.4 running Safari 8.0.7 or Chrome 43.

TLDR;

10 Upon successful login to vpn.umontreal.ca I click START for JUNOS PULSE as directed.

20 The page says "Please Wait. Launching Junos Pulse [...]

30 The page brings me to a screen saying:

"In order to continue the operation you need to install a setup client. Please click here to install setup package.
Once the setup client is installed, please click here to continue."

40 I have already downloaded and installed the setup client. Clicking HERE TO CONTINUE brings me back to the Launch Junos Pulse screen. I click that. GOTO 10.

EOS; BAD INFINITY.


--->

I have followed all instructions provided by my Uni—

http://www.dgtic.umontreal.ca/reseau/vpn.html
http://www.dgtic.umontreal.ca/documents/VPN_Mac.pdf (note this still says "Network Connect!")

--->

So,

* the Juniper Networks client has been installed. Files are located at: ./Library/Application Support/Juniper Networks

* Java has been updated

* client permissions on Safari have been set to allow for Java access


A couple of points:

(1) It appears that no actually executable app software, at least under /Applications, has been installed. Just files under Application Support.

(2) The downloaded client installer JuniperSetupClientInstaller.dmg provided by my University contains three packages:

JuniperSetupClient.pkg (3MB)
— INSTALLS "Juniper Networks" folder under ./Library/Application Support, with JuniperCompMgr, JuniperSetupClient, JuniperSetupClient.ini, and juniperSetupDll.dylib, and two empty subfolders, DSCOMPMGR_LOCK and DSSETUPCLIENT_MUTEX

SetupClientPostflight.pkg (37KB)
— INSTALLS NO FILES

SetupClientPreflight.pkg (37KB)
— INSTALLS NO FILES

----->

So, has this Junos Pulse client been configured properly for distribution? Or is it missing something (ie the application itself)? Are there plugins settings that need changing in Chrome/Safari for the VPN software to execute properly?

Any assistance greatly appreciated & thanked with virtual donuts, gracias.

—*slack
0 Kudos
9 REPLIES 9
slackerofthemind
Occasional Contributor
‎07-20-2015 06:15:PM
‎07-20-2015 06:15:PM

Re: Pulse Connect Secure / Mac OSX / Java

You would think this form would respect line breaks? Gah.
0 Kudos
slackerofthemind
Occasional Contributor
‎07-20-2015 06:16:PM
‎07-20-2015 06:16:PM

Re: Pulse Connect Secure / Mac OSX / Java

Testing line breaks. Testing again.
0 Kudos
slackerofthemind
Occasional Contributor
‎07-20-2015 06:18:PM
‎07-20-2015 06:18:PM

Re: Pulse Connect Secure / Mac OSX / Java

Line[br]break[/br]
0 Kudos
slackerofthemind
Occasional Contributor
‎07-20-2015 06:18:PM
‎07-20-2015 06:18:PM

Re: Pulse Connect Secure / Mac OSX / Java

Forget it. You folks might want to allow standard line breaks in the editor.
0 Kudos
kita
Regular Contributor
‎07-21-2015 05:03:PM
‎07-21-2015 05:03:PM

Re: Pulse Connect Secure / Mac OSX / Java

Have you tried launching directly from Pulse? Setup client is only required to launch via a web browser.

You will need to take special consideration when launching via browser since we utilize Java. Since Chrome has blocked the java plugin, this will no longer work. If you are utilizing Safari, you will need to ensure to change the security setting for Java to run in "Unsafe mode" for the VPN url.

The following steps are stated in the known issues for Mac OS X 10.9:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB28278&actp=search&viewlocale=en_US&searchid=1437516177223
0 Kudos
Brad
Occasional Contributor
‎08-15-2015 04:16:PM
‎08-15-2015 04:16:PM

Re: Pulse Connect Secure / Mac OSX / Java

The above does not work if your on 10.10.x.

Safari and the kernel implement some checking for additional security and after exactly 2 minutes and 1 second of Network Connect being active the connection is dropped because of the fact it does not pass security.

The only way around this is to use chrome and reanable NPAPI support inside of chrome://flags. NC then will work some times....mostly occasionally it dies and causes java to consume 100% of CPU.

This of course will only work till December 2015 when chrome will be completely dropping java support. This is the same for microsoft with Edge. Firefox also does not work as it does not pass hostchecker in 10.10. I've seen some random reports that opera may work. Seems we are searching for a browser to support a legacy software solution.

Noting that Pulse also does not support windows 10 browser support and the recommended solution for windows 10 is to install ie11 just for this.

Although I have a network connect that works I've tried using Secure Connect client and it does not connect. I'm not sure if there is some SA gateway configuration that is required for Secure Connect versus NC.
Brad
Occasional Contributor
‎08-15-2015 04:19:PM
‎08-15-2015 04:19:PM

Re: Pulse Connect Secure / Mac OSX / Java

I should have also said that trying to start NC directly also fails and it does not even get to the http login page. Unsure why this happens.

All of the above verified on 3 new MACs with 10.10.4 and 5.

Fundamentally you could say this is not supported. Noting of course that NC is not supported in these versons according to the formal documentation.
Brad
Occasional Contributor
‎08-15-2015 04:19:PM
‎08-15-2015 04:19:PM

Re: Pulse Connect Secure / Mac OSX / Java

One final item on the original post. Network Connect and Pulse are different items....
0 Kudos
slackerofthemind
Occasional Contributor
‎09-01-2015 03:28:PM
‎09-01-2015 03:28:PM

Re: Pulse Connect Secure / Mac OSX / Java

Thanks for replies here. Since writing this post, I came to the same conclusions as Brad. Juniper/Pulse uses deprecated NPAPI protocol. It is insecure software that is effectively obsolete.

Unbelievably, this dated and insecure software is still being used in large-scale institutional settings such as Universities. I've spoken to my University's IT Dept (Université de Montréal) and they are completely unaware of these issues, which is insane given that NPAPI has been on the deprecation list since at least 2012 (it's fairly evident they have no idea what they are doing and have just been sold a client package; the real issue here is PulseSecure, which should be updating this roll-out package immediately).

There is no fix or workaround. I have manually disabled NPAPI in several browsers but this is an insecure "solution". The only real solution is to release a new version of Juniper/Pulse that doesn't use NPAPI/Java.

Large-scale VPN implementation is effectively broken using Juniper/Pulse until it is recoded to use an alternative framework.

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.