Running Junos Pulse & NetworkConnect together........

MrLou_ · ‎01-07-2014

Recently my company asked for a client VPN to be issued throughout. So we made the effort to upgrade our SA4500 to version 7.3R7 to facilitate the Junos Pulse.

We created a package with the Junos Pulse and now it pushes version 3.1.38707 to all users.

We just got some consultants in to do some external work for the company and they came in with Windows XP SP2 locally and abroad. Their company does not plan to do any upgrades to their machines until later this year.

One of the users actually has an updated machine which has Windows 7 Home Edition. NC worked fine for him in the past but the Junos Pulse does not work for him. It allows him to login and download the software, but upon installing it I get the following message in attempting the upgrade:

Failed to download the application. Please sign in and try again. If the problem continues, please contact your system administrator.

On the SA4500 I have disabled the "ENABLE WEB INSTALLATION AND AUTOMATIC UPGRADE..........." feature.

I have done : KB20948 - Juniper Setup Client message: Failed to download the application

Along with [KB26049] Show KB Properties and some others.

The company is now asking to run Pulse and NetworkConnect all at once because they feel like others will experience it and create a problem for our tech support department. Now I know that Pulse is the replacement for NC so is there any other way to work around this?......A downgrade that will accommodate everyone? Something?

Thanks all in advance for any responses.

zanyterp_ · ‎11-19-2007

Glad to help and that the new role is working for you

Yes, you can setup syslog at System>Log/Monitoring>$LogName>Settings and the system will forward the logs as they are created so that you can do reporting on the other appliance/have a backup.

Another option is to enable archiving at Maintenance>Archiving>Archiving Servers. This will send the files to an SCP or FTP server on a schedule that you define. This lets you keep a non-realtime copy (and can remove the stored logs automagically if desired)

mattspierce_ · ‎07-27-2010

I setup my companies gatway to have a seperate realm for contractors. I did this so they would get a SecurID prompt only where users get promtped for SecurID and Domain. There are times where I wish I had not gone down this road as sometimes I will feed a user a resource that was setup with SSO enabled and it will fail for contractrors since they lack the Second Login. Your goal sounds like it could be achieved easier with a sperate role. You could role map them manually with a stop processing check, or use Directory lookup to assign them their role.

MrLou_ · ‎01-24-2012

Zanyterp, Bobj, Mattspierce

Thank you all for your reply's. Your info's made it quite easy to complete this task. I didnt create a new REALM but I was able to create a new ROLE and configured it to work with the NC and it worked fine. Good stuff guys, I really appreciate it.

Tell me this other thing, other than the log files on the SA4500, is there any way to export user login information on a daily or weekly basis without having to log into the device and download them manually?

This is one of the devices that was dropped in my lap to deal with as I am the only one they are allowing to manage at this stage until I am up to speed to teach others. I am sure I will need some training very soon.

MrLou

zanyterp_ · ‎01-07-2014

You can have both configured on the system for different roles; however, you cannot have both active for a user at the same time. Users will have to choose if they want a Pulse role or a Network Connect role. Do the consultants use the same realms/roles as standard employees? If no, as I would expect, you can leave Network Connect on the consultant role but leave Pulse on your employee role.

Yes, the message is because you are not allowing the web-based installation of Pulse.

MrLou_ · ‎01-07-2014

Zanyterp, thank for the reply

Up until last week, they did not have seperate REALMS for them. I put the option forward and just got it apporved yesterday. So I will be creating that REALM sometime today. Once creating that option, am I correct in saying " I should be able to assisgn NC for that new REALM"

With relation to the web based installation of Pulse, I was allowing it. It did downlaod, but then it asked to be updated. This was where it bombed out. I was reading in the KB where it says to disable that feature in order to allow it to install. I did that but it still had the same issue. Thats all I was alluding to.

zanyterp_ · ‎01-07-2014

You are welcome, MrLou.
The realm is where the user logs in against; the role is what defines the access permissions. As long as you have a role created for your contractors that uses Network Connect, yes, the new realm can use Network Connect.

I apologize for misunderstanding what you were saying. Sounds like you have found an issue with the installation (either on the Pulse-side or on the Windows-side).

Bobj_ · ‎01-08-2014

you do not need to create a new REALM you just need to create a new ROLE with NC configured and map the user to the new role.

Running Junos Pulse & NetworkConnect together........

Running Junos Pulse & NetworkConnect together........

Re: Running Junos Pulse

Re: Running Junos Pulse & NetworkConnect together........

Re: Running Junos Pulse & NetworkConnect together........

Re: Running Junos Pulse & NetworkConnect together........

Re: Running Junos Pulse & NetworkConnect together........

Re: Running Junos Pulse

Re: Running Junos Pulse & NetworkConnect together........