Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Windows Updates

DeaconZ_
Frequent Contributor
‎01-26-2009 12:16:PM
‎01-26-2009 12:16:PM

Windows Updates

Is there a way that the SA-4000 w/ SAM can perform some kind of network access protection or remediation with regards to Windows patches?

Perhaps the hostchecker can look somehow to see if patches are missing and if so, it can take the user to a remedial network/webpage to fix the problem?

I know Windows 2008 has this capability built in when you use it as a VPN with NAP. What about Juniper?

Current Platform:

SA-4000

OS 6.0R5 (Build 13073)

0 Kudos
7 REPLIES 7
miked_
Contributor
‎01-27-2009 05:07:AM
‎01-27-2009 05:07:AM

Re: Windows Updates

Hello, I am using WSUS on the backend and have it setup where clients can access the WSUS server through the WSAM, works like a charm- i approve updated and when end users log into the SSL, the clients contact WSUS for the updates.
0 Kudos
DeaconZ_
Frequent Contributor
‎01-27-2009 05:22:AM
‎01-27-2009 05:22:AM

Re: Windows Updates

I have that as well. But I'm concerned with immediate remediation of vulnerabilities. In other words, if they are not patched I can't let them have full WSAM access to internal resources until they are. I can't let them have access while I'm waiting on WSUS.
0 Kudos
miked_
Contributor
‎01-27-2009 05:29:AM
‎01-27-2009 05:29:AM

Re: Windows Updates

Understood, so in that case you would need to set a rule for host checker to look for the particular patch, and if not found, offer a remediation screen for the end user to download it and install. Of course thats a lot of manual maintenance.

0 Kudos
DeaconZ_
Frequent Contributor
‎01-27-2009 05:32:AM
‎01-27-2009 05:32:AM

Re: Windows Updates

Yeah I know. I don't have a choice though. There are national security risks involved.

Thanks for your help. I'm working on a HC rule that looks for the registry string for each windows patch.

0 Kudos
miked_
Contributor
‎01-27-2009 05:35:AM
‎01-27-2009 05:35:AM

Re: Windows Updates

No problem, maybe someone else can chime in on another way... or maybe a new feature in one of the newer software releases
0 Kudos
jeffreyl_
Occasional Contributor
‎01-27-2009 05:52:AM
‎01-27-2009 05:52:AM

Re: Windows Updates

I have never found a really good way to accomplish what you are trying without doing individual HC polices and redirecting the user to the patch with a custom remediation page.

I did add a comand to our NC start up scripts to force the clients to connect to the WSUS servers.

run "@lanroot\wuauclt.exe /resetauthorization /detectnow"

The 6.2 firmware now has a Shavlik scanner included in the HC policies and I am starting to look at it's functionality.

0 Kudos
DeaconZ_
Frequent Contributor
‎01-27-2009 10:01:AM
‎01-27-2009 10:01:AM

Re: Windows Updates

So I have the custom page pop up, but its this ugly yellow and I can only edit part of the message in html.

Is there a way to edit or make a whole different page than the one it gives you?

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.