Showing results for 
Search instead for 
Did you mean: 

iPad / IPhone / Mac Host Checker

Regular Contributor

Re: iPad / IPhone / Mac Host Checker

Hi All,

Is there a way to detect and differentiate the devices (IPad, iphone and managed laptop) accordingly?
Assuming that there are no certificates any of the devices.
How can we differentiate it?

is there a link to a Juniper document on this?

Thanks in advance!
Occasional Contributor

Re: iPad / IPhone / Mac Host Checker

I have Create role for Junos Pulse users using AD Group to do role checking for allowed Juno's Pulse users then set up under the Role, General Restrictions Browsers, "only allow users matching based on the user-agent*" enter JunosPulse* Allow,

then under our NC and other roles for windows i created under Browser restrictions "only allow users matching based on the user-agent*" user agent i entered "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Tablet PC 2.0; MS-RTC LM 8; Media Center PC 6.0)

This pushes all iPad and iPhone users to use the specific role that doesn't allow any thing but RDP to do this

Under Network connect access policies there is a policy that allows the junos pulse role to use tcp over port 3389 for RDP access. and a under NC Connection profiles i added the role to give them the IP connection required but No other remote Access is given to these users.

Still working on controling my Mac users but we do have a profile using JAVA RDP that allows them remote desktop so they don't need NC so we just put them in profile with out NC.

Respected Contributor

Re: iPad / IPhone / Mac Host Checker

the admin guide is our best location for this information.

to differentiate between iOS clients and desktop machines, you will need to use a browser restriction on the realm or role.

for managed laptops, you can use host checker to guarantee it is our laptop; if you customize your user-agent, you can use that as well

New Contributor

Re: iPad / IPhone / Mac Host Checker

I did the client cert and added custom expression that checks the certAttr.altName.UP = xxxx

That way I was able to specify devices that can access the role.

For example, if the login user is member of allowed mobile users and UPN is IPAD458, then map the role ...

group.AllowedMobileUsers AND (certAttr.altName.UPN = 'IPAD123' OR certAttr.altName.UPN = 'IPAD234' OR

Re: iPad / IPhone / Mac Host Checker

Why not just have the users install Pulse from their App store and connect? The Pulse client supports HostChecker although with much less available polices than on a PC. Network Connect is not available for those devices so even if they get past HostChecker NC isn't going to run for them.

Re: iPad / IPhone / Mac Host Checker

What version of the software are you using? Host Checker has been supported on the Mac since 5.0; however, the Cache Cleaner and SVW elements of Host Checker are not available on non-Windows platforms.
Host Checker is available, as previously mentioned, only on iOS devices using the Pulse Secure client.
Network Connect is not supported on Mac OS versions >= 10.9; however, 10.8 users should be able to launch Host Checker and Network Connect successfully (as long as they have allowed Java to run and set the permissions in the Java preference pane to allow the site as an exception).