- Pulse Secure Community
- :
- About kalagesan_
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
since
10-29-2017
10-29-2017
kalagesan_
Super Contributor
375
Posts
0
Kudos
47
Solutions
05-12-2014
09:39:PM
Hi Natasha, With Host Checker antivirus remediation, we can prompt the endpoint to download the latest virus signature files, turn on antivirus protection, and initiate an antivirus scan. Even with Pulse, AV remediation should work as long as it is enabled in Host checketr policies.So pulse remediation should work both for users connecting through browsers and using pulse clients Hope you have Download latest virus definition files check box option enabled as part of remediataion for the AV in SA admin GUI in Hostchecker AV policy configuration. Enabling this will enforce client to download the AV definition files which are missing however the AV installed on the machines should also been enabled to download the AV definitions. If possible you can get the URL for virus definition update URL from AV vendor and you can add this URL for users who are remediating by enabling Customer instructions . This is part of remediation config in SA HC rule. In pulse GUI when its remediating , the message should be "update in progress,once update done you will connected to network". If the pulse client get stuck during remediation, we need to check the pulse debug logs at detailed level to understand what is happening during this time. Since it needs log analysis to confirm whether there is any issue at pulse or hostchecker side I recommend you to open a JTAC Case for further support. Hope this helps. Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks! Regards, Kannan
... View more
05-12-2014
09:31:PM
Hi, I understand your issue. Yes your requirement is possible and supported SA MAG VPN , you can use Custom sign in pages where you can customize and write your own HTML codes based on your requirements. This HTML pages can be uploaded to the SA and you can map these sign in pages to your sign in URL in SA admin GUI. I have given you the below URL's for Custom Sign-in Pages Solution Guide, you can access the below URL's for more information: http://www.juniper.net/techpubs/software/ive/admin/j-sa-sslvpn-7.4-customsigninpages.pdf Custom Sign-In Pages Developer Reference: http://www.juniper.net/techpubs/en_US/sa8.0/information-products/topic-collections/security-access-custom-sign-in-pages-developer-reference-8-0-5-0.pdf Hope this resolves your issue. Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks! Regards, Kannan
... View more
05-09-2014
10:24:AM
Hi Stephen, Thanks for the update, I am glad that the suggestion helped you Regards, Kannan
... View more
05-08-2014
11:44:PM
Hi Stephen, I understand your issue. The below Juniper Knowlegde base link also information on Details on fixes for OpenSSL "Heartbleed" issue with respect to Junos Pulse/IC (UAC). http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB29007 The above link also has fixed release information in 5.0 UAC, 4.4 UAC , 5.0 & 4.0 Pulse , you also have download link from this KB which redirects to the s/w download site. I hope this will help you. Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks! Regards, Kannan
... View more
05-08-2014
11:30:PM
Thanks Sean, I am glad that the suggestion provided helped you Regards, Kannan
... View more
05-07-2014
08:48:PM
Hi Sean, Thanks for the response. I have n't come across any scripts that customers use on their end client PC's for AV definition update for remediation however I have seen customers using using the customer URL"s as part of customer instructions where they instruct user to intsall the updates. However on this case I see the pulse client get stuck during remediation, we need to check the pulse debug logs at detailed level to understand what is happening during this time. Since its log analysis to confirm whether there is any issue at pulse or hostchecker side I recommend you to open a JTAC Case for further support. Hope this helps. Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks! Regards, Kannan
... View more
05-07-2014
06:50:PM
Hi Evan, Thanks for the update, hope ESAP upgrade helps, else as you said opening a JTAC case will confirm whether this is bug or not Regards, Kannan
... View more
05-06-2014
08:24:PM
Hi, If the suggestion is not helping and if you still see issue I recommend you to create a support case with Juniper to understand whether this a bug and needs fix. Regards, Kannan
... View more
05-06-2014
08:20:PM
Hi, I understand your issue. Hope you have Turn On Real Time Protection ,Download latest virus definition files check boxes option enabled as part of remediataion for ESET Endpoint Antivirus (5.x) in SA admin GUI in Hostchecker AV policy configuration. With Real Time Protection option on , it Launches the virus-scanning mechanism for the specified vendor. I recommend you to test with latest ESAP package downloaded from Juniper suppor site using the below URL, after uploading the new ESAP package in SA make sure its enabled in SA. http://www.juniper.net/support/downloads/?p=esap Hope this helps. Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks! Regards, Kannan
... View more
05-06-2014
08:10:PM
Hi, we are glad that the sugfgestion provided here helped you Regards, kannan
... View more
05-06-2014
08:09:PM
Hi Sean, I understand your issue. With Host Checker antivirus remediation, we can prompt the endpoint to download the latest virus signature files, turn on antivirus protection, and initiate an antivirus scan. Hope you have Download latest virus definition files check box option enabled as part of remediataion for SEP 11.x in IC admin GUI in Hostchecker AV policy configuration. Enabling this will enforce client to download the AV definition files which are missing however the SEP AV installed on the machines should also been enabled to download the AV definitions. If possible you can get the URL for virus definition update URL from SEP and you can add this URL for users who are remediating by enabling Customer instructions . This is part of remediation cofig in IC HD rule. Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks! Regards, Kannan
... View more
04-30-2014
07:35:PM
Hi, I think you can use java key tool to generate new Java code signing certificate. The SA device supports the following types of code-signing certificates: ¥ Microsoft Authenticode Certificate - SA uses this certificate to sign applets that run on either MS JVM or SUN JVM. Note that we only support Microsoft Authenticode Certificates issued by Verisign. ¥ JavaSoft Certificate - SA uses this certificate to sign applets that run on SUN JVM. Note that we only support JavaSoft Certificates issued by Verisign and Thawte. After creaing the codesigning certfiicate you can use the below link to know the process of installing the code signing certificate, it is also dcoyumented in SA adminguide. http://www.juniper.net/techpubs/software/ive/guides/howtos/How_To_Certificates.pdf Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks! Regards, Kannan
... View more
04-30-2014
07:20:PM
Hi, I understand the issue, suspect the issue with pulse and host checker, not sure whether you have enabled Hostchecker however the below two knoeldegebase links has more or less majority of pulse issues covered, please go through this. I am sure it will help you. http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB26427&smlogin=true http://kb.pulsesecure.net/InfoCenter/indexpage=content&id=KB21443&actp=search&viewlocale=en_US&searchid=1316464152478# if the above KB's not resolving your issue, its important for us to look in to user access logs on IC and pulse client side logs. Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks! Regards, Kannan
... View more
04-29-2014
07:07:AM
Hi Jeroen, I am glad that our suggestions help you, thank you. Regards, Kannan
... View more
04-29-2014
05:21:AM
Hi Jeroen Bismans , I understand your requirement. WAN clustering is not supported on the MAG Series Junos Pulse Gateways, except as it relates to campus networks. In a well-connected campus network, where the connectivity is more LAN-like than WAN-like, the Junos Pulse Gateways can be clustered in separate buildings. this information is documented in SA admin guide in page# 23 You can use below URL to access the information about WAN cluster not supported: refer page#23 http://www.juniper.net/techpubs/en_US/sa8.0/information-products/topic-collections/junos-pulse-secure-access-service-8-0-adminguide.pdf Clustering MAG devices are supported on the LAN; but rarely on the WAN. The reason for this is that WAN connections are often the source of sporadic latency and reduced bandwidth that will almost certainly interfere with cluster communication; regardless of whether it is for MAG devices or the previous generation SA devices. In a well connected environment, in which latency remains low and available bandwidth remains high, the ability for each device to fully communicate without pause is preserved and clustered systems should not get confused over which system should own potentially tens of thousands of live user sessions. The nodes regularly communicate session, configuration, and timestamp information and any interruptions and loss of communications will impact cluster nodes, when attempting to recover. It is this LAN or campus network class of service that must be displayed in both the design and delivery, if maximum uptime is indeed the goal, as WAN circuits tend to become congested, when remote access is required. For high latency connections between cluster nodes, to maintain configurations between multiple systems across the WAN, the Push Config feature is the recommended approach. The best network for Active-Active cluster connectivity of nodes is a LAN-Type or campus network with extremely low latency and high bandwidth. Other good practices for an Active-Active cluster, when latency is high are as follows: Note: Disabling session and last access sync will cause users to re-authenticate, when connecting to other nodes of the same cluster. Disable log sync Disable session sync Disable last access syn Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks! Regards, Kannan
... View more
04-28-2014
07:51:PM
Hi Sean, Thanks for the update, I am glad that my suggestion helped you. Hostchecker module on pulse will download the latest vrius signatureor patch check files from IC for verification. As per my understanding you can use script to get your local AV installed on the client machine to be up to date and its independent of hostchecker module. Hope this clarifies your query. Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks! Regards, Kannan
... View more
04-28-2014
01:55:AM
Hi Sean, When you enable remediation action Download latest virus definition files„Obtains the latest available file for the specified vendor from the vendorÍs website. Turn on Real Time Protection„Launches the virus-scanning mechanism for the specified vendor. Start Antivirus Scan„Performs a real-time virus scan for the specified vendor. The check box is active if the action is supported for your product. IC will download the latest virus defintion files based on your configuration on IC admin GUI where it download the XML AV signature files from https://download.juniper.net/software/av/uac/epupdate_hist.xml. AV on the client machine will ensure AV is up to date since it will have AV Update configuration I don't think you need to enable links in customer instructions to download the AV update files. Regards, Kannan
... View more
04-21-2014
06:51:PM
Hi Vivek, AS updated in previuos post using credential provider is the solution for your requirement, You can access more information on how it works and how this can be configured in UAC can be found by accessing the velow URL's http://www.juniper.net/techpubs/en_US/uac4.3/topics/concept/uac-pulse-credential-provider-about.html http://www.juniper.net/techpubs/en_US/uac4.2/topics/concept/uac-pulse-credential-provider-about.html http://www.juniper.net/techpubs/en_US/junos-pulse4.0/topics/task/a-c-c-machine-then-user-at-credprov-configuring.html Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks! Regards, Kannan
... View more
04-17-2014
04:56:AM
Hi, As updated in the previous post clustering over WAN links is not supported, this is documented in UAC admin guide. You can use thebelow URL , access the admin guide and refer page#912 for mor einformation: http://www.juniper.net/techpubs/en_US/uac5.0/information-products/topic-collections/Junos-Pulse-Access-Control-Service-Complete-Software-Guide-5-0.pdf Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks! Regards, Kannan
... View more
04-08-2014
08:07:PM
Hi Arslan, I am glad that you resolved the issue by using source ip restriction Regards, Kannan
... View more
04-08-2014
12:39:AM
Hi Arslan, I understand your issue. I hope you are using one Authentication realm with one rolemapping rule for each role. Can you have the Dynamic policy evaluation enabled with lesser value like 5- 10 minutes under Realms in IC admin GUI Also have Refresh roles & Refresh resource policies enabled on the Realm. Enabling this will ensure the policies are checked Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks! Regards, Kannan
... View more
04-03-2014
07:01:PM
Hi Luc, I don't think LDAP server can support "calling-Station-ID" , you need to use radius server as authenticaton server since "Calling-Station-ID" is a radius attribute and it is not a LDAP attribute Regards, Kannan
... View more
04-02-2014
11:57:PM
Hi Maurice Ben, I understand your requirement , I hope you are using Radius as authentication and Accounting server in your testing. If you are using radius server, you can use rolemapping based on user attribute instead of custom expressions since user attributes list for radius server will list all standard radius attributes including Calling-Station-ID, Called-Station-ID etc. You can make rolemapping based on user attribute and use Calling-Station-ID attribute, either you can use complete mac address or part of MAC address added with wildcard * if you need to allsow set of mac address having similar values in the mac address. Hope this helps. Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks! Regards, Kannan
... View more
04-02-2014
01:56:AM
Hi Natasha, Below is the URL to access SA admin guide. Refer Page# 57 to 67 in the below SA admin Guide for installing the pulse using command line: http://www.juniper.net/techpubs/en_US/sa8.0/information-products/topic-collections/junos-pulse-secure-access-service-8-0-adminguide.pdf Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks! Regards, Kannan
... View more
04-02-2014
01:47:AM
Hi Natasha, We can deploy pulse through Browser, SMS/SCCM & AD group policies. I don't think we have a guide to tell you steps to install the pulse using SCCM however we have clear steps in our pulse admin guide about installing the pulse using msiexec command Web installÑCreate all of the settings that an endpoint needs for connectivity and services, and install the software on endpoints that connect to the Pulse serverÕs Web portal.Pulse servers include a default client connection set and client component set. The default settings enable you to deploy Junos Pulse to users without creating new connection sets or component sets. The default settings for the client permit dynamic connections, install only the components required for the connection, and permit an automatic connection to the Pulse server to which the endpoint connects. Default installerÑA default Junos APulse installer package (in both .msi and .exe formats) is included in the Pulse server software. You can distribute this default installer to endpoints, install it, and then let users create their own connections. Or, after installing the default Junos Pulse package, users can automatically install dynamic connections by browsing to the user Web portal of an Pulse server where a dynamic connection has been made available. A dynamic connection is a predefined set of connection parameters that enables a client to connect to a specific server. If the user is able to log in to the Pulse serverÕs user Web portal, the connection parameters are downloaded and installed on the Junos Pulse client. Preconfigured installerÑCreate the connections that an endpoint needs for connectivity and services, download the settings file (.jnprpreconfig), download default Pulse .msi installation program, and then run the .msi installation program by using an msiexec command with the settings file as an option. You can use the msiexec command to deploy Pulse using a standard software distribution process, such as SMS/SCCM. I will update you about msiexec command in my next update shortly Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks! Regards, Kannan
... View more
03-20-2014
11:30:PM
Thanks for the feedback Arslan, SInce the requirement is for mainly for mobiles, I think the Mobile Device mangement feature introduced in UAC 4.4 R4 should help you. I recommend you to go through this solution guide availble in our support portal for better understanading & consideration on using it. You can access the document using the below URL: http://www.juniper.net/techpubs/en_US/uac5.0/information-products/pathway-pages/unified-access-control/junos-pulse-acs-device-access-management-framework.html Hope this helps Regards, Kannan
... View more
03-19-2014
09:59:PM
Hi Arslan, To add an update to previous post, currently we don't have a puls e client for UAC for both L3 and L2 connection. Pulse mobile client is available only for SSL VPN connection however if you feel using hostchecker without using pulse on mobiles as a mandotory requirement I suggest you to work with your local juniper accoun team to know the support roadmap on this. Hope this resolves your query. Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks! Regards, Kannan
... View more
03-17-2014
11:05:PM
Hi GStewart, I understand your requirement however I don't think you have an option to exit pulse without manual intervention as on today. If you feel that this is a critical requirement for your business, then I recommend you to work with your local juniper account team & also open a case with JTAC support for your tracking purpose if needed. Hope this helps. Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks! Regards, Kannan
... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy.
Pulse Secure has updated its Privacy Policy effective June 28, 2017.
