
Question about SSL VPN-Juniper Secure Access

andre_
Contributor

Hi guys,

I have some questions about the SA product:
1. Can we monitor user activity after the user logs in successfully to the SSL VPN connection? For example, can we see what the user does in the network and what protocols or applications are used by the user?
2. As far as I know, the Juniper SSL VPN first tries to use IPsec VPN for the connection, and if that fails it uses SSL VPN. Is that right? If so, how do we set it to use the IPsec VPN connection? Should we open the IPsec port to the IVE IP? Is there any guide for this?
3. Can we create user roles in SA/IVE by group if we use server authentication by a RADIUS server or AD? Is there any guide for this?
4. In the Network Connect policy, how can we deny or allow access to some resources for a user using Network Connect? I already tried, but when the user logs in successfully to NC, the user can still connect to the resource that is denied access.


Any solution for this issue?
Please inform me ASAP.

Thanks guys,


Regards,
Andre
3 REPLIES
alan_
Contributor

Re: Question about SSL VPN-Juniper Secure Access

1. Yes for WSAM (since it's a proxy) and no for Network Connect. To solve this we put the SSL VPN on a DMZ and let the firewall log.

2. Yes, IPsec fallback to SSL is configurable.

3. Yes and yes. See the Juniper docs.

http://www.juniper.net/techpubs/software/ive/6.x/6.0/

4. NC is very configurable, you can control about anything. Not sure where you went wrong.

andre_
Contributor

Re: Question about SSL VPN-Juniper Secure Access

Hi guys,

If we use WSAM (SA is the proxy), we can see user activity once the user has successfully logged in to the SA, but when we use Network Connect we cannot.

1. My question is: is there any other method so that, when we use Network Connect, we can see all activities of the user logged in to the network through the SA? Can IDP do that, like monitoring all activities of the user, everything that the user accessed? Can we monitor TCP/IP or UDP?

2. Can we access Outlook without using Network Connect? Are there any other alternatives, so the user can access the Outlook server (Exchange) at the office from outside?

Please reply ASAP.

Thank you,

Andre

Russ_
Contributor

Re: Question about SSL VPN-Juniper Secure Access

Hi Andre,

1. For brief periods you could use the TCPdump feature under troubleshooting to monitor the internal interface of the SA. You could also use an external packet sniffing device. If you are looking at it from a strictly security standpoint, you could monitor the internal interface of the SA with an intrusion detection/prevention sensor.

2. You can use Network Connect or WSAM to remotely access Exchange.

Regards.

Russ