cancel
Showing results for 
Search instead for 
Did you mean: 

RDP - Network Level Authentication

Antioch_
Contributor

Re: RDP - Network Level Authentication

Thanks for those links, though the idea of purchasing a separate RDP program is unsavory. NLA has been in since Vista after the MITM concerns with XP's implementation of RDP, so this feature has been around since 2007. Many other VPN providers (more specifically watchguard SSLVPN) have implemented NLA RDP clients into there products, so why has Juniper, the leader in SSLVPN products, not offered this in 7+ years? This needs to be implemented ASAP, NLA is not going away and is on by default in modern os's.

mtessier_
Frequent Contributor

Re: RDP - Network Level Authentication

Steve, thanks for your input!  We do use the Hob client, but we limit it to Mac's who obviously cannot use the Juniper Win32 RDP client. In general it perfoms very well, but even if it supported NLA it would not be a good replacement due to a few key differences.

1. It does not work with user defined Juniper RDP bookmarks ( this is huge for us ).

2. Licenses for Hob are expensive and they cannot be clustered or shared on a license server - every MAG / SA must have its own concurrent licenses.

3. Most settings for the Hob Applet are defined in the HTML for the app and thus must be shared across all users. I was never able to give my users the ability to define their own screen resolution, color depth, etc.

4. Java is required. Today, our Windows users only have to install Java if they require FireFox with the our VPN. I'd hate to change that.

 

I admit that I haven't gone back and revisited the third issue in a couple years. So there may be a way to accomplish individual RDP settings that I just haven't discovered.

OCDUNE_
Not applicable

Re: RDP - Network Level Authentication

I can definitely help you with your third option. You can enable the a control panel for the HOB users to change the settings. You can also disallow which settings may be modified. In the HTML you want to add the following

 

<param name="RDPOPTIONS" value=YES"<<rdpoptions>>">

 

Then you add the ADJUSTMENT to set the basline features, then use ADJUSTMENTOPTIONS to add or subtract features from there. Anything you disallow will be greyed out to the end users. 

mtessier_
Frequent Contributor

Re: RDP - Network Level Authentication

Thanks, OCDune.

 

I'm experimenting with that option.

mtessier_
Frequent Contributor

Re: RDP - Network Level Authentication

FYI, my local rep just got back to me with the Enhancement Request number for NLA in RDP.

It is ER37466.

Anyone else who would like this feature added can contact their local Juniper rep and have their company name added to the ER I believe.

Antioch_
Contributor

Re: RDP - Network Level Authentication


@mtessier wrote:

FYI, my local rep just got back to me with the Enhancement Request number for NLA in RDP.

It is ER37466.

Anyone else who would like this feature added can contact their local Juniper rep and have their company name added to the ER I believe.


We dont have a rep locally, can we add ourselves some other way?

mtessier_
Frequent Contributor

Re: RDP - Network Level Authentication

That's a good question. I would assume that JCARE customrer support could put you in touch with your regional Juniper rep.

 

Perhaps one of the forum moderators can confirm?

Kita_
Valued Contributor

Re: RDP - Network Level Authentication

Yes, if you don't have an assigned rep, you would need to contact the regional sales representative in your area.  You can contact customer care and they can get you in contact with the correct person.

Antioch_
Contributor

Re: RDP - Network Level Authentication

Thanks for the information Kita. I contacted Juniper customer care and there locating a rep for me to be placed under the enhancement request. Hopefully we get some forward momentum on this with multiple customers asking for the feature

support_draft_
Contributor

Re: RDP - Network Level Authentication

Hey Steve, have you ever used REMOTE SPARK java client?

 

How good it is?