Hi all, I hope someone can help.
Scenario IVE sa 6000 running 7.0
terminal server user access policy
end users where happily able to connect to the inside terminal services server with no issue. Now FIPS & TLS & certificate have been enabled on the inside TS, users are no longer able to connect.
My understanding is that the IVE proxies the Terminal server connection, so from the TS client perspective it is connecting to the IVE, & from the TS server perspective its client is the IVE.
I'm still trying to understand how the TLS, certificate & FIPS works but I assume there is no way for the real client to verify the real TS server & I'm not sure if the IVE is able to connect to a TS server using TLS certificate & FIPS complaint (I'm yet to find any documentation on that).
If any one has come across this or has some knowledge they could share on this I would greatly appreciate it.
word from Juniper:
The issue with the FIPS requirement on the terminal server includes mutual authentication/certificate verification on the client. Which is not supported on the SA.
There is no ETA for this feature as of now.
You can try using other access mechanisms like Network Connect to access the termninal service with FIPS enabled.