Re: iPad / IPhone / Mac Host Checker - Page 2

michael.saw_ · ‎01-08-2012

Hi All,

Is there a way to detect and differentiate the devices (IPad, iphone and managed laptop) accordingly?
Assuming that there are no certificates any of the devices.
How can we differentiate it?

is there a link to a Juniper document on this?

Thanks in advance!

Roxanne_ · ‎05-17-2012

I have Create role for Junos Pulse users using AD Group to do role checking for allowed Juno's Pulse users then set up under the Role, General Restrictions Browsers, "only allow users matching based on the user-agent*" enter JunosPulse* Allow,

then under our NC and other roles for windows i created under Browser restrictions "only allow users matching based on the user-agent*" user agent i entered "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Tablet PC 2.0; MS-RTC LM 8; Media Center PC 6.0)

This pushes all iPad and iPhone users to use the specific role that doesn't allow any thing but RDP to do this

Under Network connect access policies there is a policy that allows the junos pulse role to use tcp over port 3389 for RDP access. and a under NC Connection profiles i added the role to give them the IP connection required but No other remote Access is given to these users.

Still working on controling my Mac users but we do have a profile using JAVA RDP that allows them remote desktop so they don't need NC so we just put them in profile with out NC.

zanyterp_ · ‎05-21-2012

the admin guide is our best location for this information.

to differentiate between iOS clients and desktop machines, you will need to use a browser restriction on the realm or role.

for managed laptops, you can use host checker to guarantee it is our laptop; if you customize your user-agent, you can use that as well

ermias01 · ‎08-07-2015

I did the client cert and added custom expression that checks the certAttr.altName.UP = xxxx

That way I was able to specify devices that can access the role.

For example, if the login user is member of allowed mobile users and UPN is IPAD458, then map the role ...

group.AllowedMobileUsers AND (certAttr.altName.UPN = 'IPAD123' OR certAttr.altName.UPN = 'IPAD234' OR

Filbert · ‎08-07-2015

Why not just have the users install Pulse from their App store and connect? The Pulse client supports HostChecker although with much less available polices than on a PC. Network Connect is not available for those devices so even if they get past HostChecker NC isn't going to run for them.

zanyterp · ‎08-10-2015

What version of the software are you using? Host Checker has been supported on the Mac since 5.0; however, the Cache Cleaner and SVW elements of Host Checker are not available on non-Windows platforms.
Host Checker is available, as previously mentioned, only on iOS devices using the Pulse Secure client.
Network Connect is not supported on Mac OS versions >= 10.9; however, 10.8 users should be able to launch Host Checker and Network Connect successfully (as long as they have allowed Java to run and set the permissions in the Java preference pane to allow the site as an exception).