- Pulse Secure Community
- :
- About firewall72_
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
since
10-29-2017
10-29-2017
firewall72_
Frequent Contributor
142
Posts
0
Kudos
8
Solutions
11-16-2009
06:53:PM
Hi, Yes, you would create the WSAM Bookmark, setup the options, and configure the Policy. I think the best way to proceed with troubleshooting this would be go to Maitenance, Troubleshooting, User Sessions, and Policy Tracing. Enter the users login name and select the realm. Record the session as he logs in and trys to access the WSAM bookmark. Then view the log and check for errors (i.e. denied access, etc). I hope this helps. -John
... View more
11-12-2009
05:55:PM
Hi, I would check your Network Connect profile to ensure your have the proper domains listed. Go to Users, Resource Policies, Network Connect, NC Connection Profile, and edit your profile. Check the DNS Domains field. Note that you can add multiple Domains using a comma. -John
... View more
11-10-2009
05:48:PM
Hi, I would recommend the following: - Uninstall the NC client - Patch the system, upgrade to the latest java, and reboot - Install the NC client and test -John
... View more
11-10-2009
05:45:PM
Hi, I would check Maintenance, Troubleshooting, System Snapshot and check for Watchdog and Process snapshot logs. These can be uploaded to JTAC for analysis. With regards to your NC routing. Are you using IP Pools? The reason I ask is because I've come across return routing issues in this scenario. I would check to make sure your NC return route is pointing to the right IP, as well as the correct arp entry for the passive node once it becomes active. -John
... View more
08-31-2009
06:12:AM
Hi Billy, So if I understand this correctly, these users are not permitted to add URL's and the Role has a few external links that are rewriting successfully? If so, how many machines are unable to hit the external links vs. machines that are working fine. -John
... View more
08-31-2009
06:09:AM
Hi, Did you have a license on the box before it was upgraded? -John
... View more
08-22-2009
09:43:PM
Hi, How is your IVE/SA deployed? Is it a one arm or two arm? What does your topology look like? DHCP is typically an easy process with the SA and Network Connect. The problems I've seen is when my clients deploy a one arm SA in the DMZ or the DHCP server is located on another subnet behind a L3 switch. In both cases you would need to configure an DHCP Relay (ScreenOS) or IP Helper (Cisco). Let me know. -John
... View more
08-19-2009
05:58:AM
Hi, I would try removing the Full Scan requirement and have the users still having issues test. I have come across HC/McAfee issues in the past when using multiple checks. This may not solve your problem, but it may help narrow it down. We currently check to make sure McAfee is using the latest DAT and then permit access. I hope this helps. -John
... View more
08-19-2009
05:54:AM
Hi, I would check the "Session Lifetime" time settings by going into Role, and then clicking on Session options. This may shed some light and allow you to tweak for additional testing. -John
... View more
07-29-2009
07:46:PM
Hi, It sounds like you have a name resolution issue. How is the name specified in the client application? Typically, I use IP's within WSAM since it doesn't have to match the client. Once WSAM detects the IP and the destination port it will route it via the tunnel. Is there an issue with using an IP in the WSAM config or are you changing the client app as well? -John
... View more
07-15-2009
06:51:PM
Hi, We've been using IP Communicator with Network Connect for a few years without issue. In theory, WSAM would probably work but I haven't tested it. -John
... View more
07-13-2009
06:41:PM
Hello, I would recommend upgrading to the latest Firmware before you test any further. Based on my recent test results, I don't think Firefox 3.5 is fully supported yet. With regards to VNC, I would recommend using WSAM/JSAM with VNC or Network Connect. I haven't tried using the VNC plug-in. I hope this helps. -John
... View more
07-08-2009
07:58:PM
Hi, I don't recall ever needing to reboot our SA's after a config change. We've been using them for years without issue. I would recommend learning the troubleshooting features on the box (i.e. Policy Tracing, etc). This is similar to a debug in Cisco and comes in handy in times like these. -John
... View more
06-17-2009
07:44:AM
Hi, I would give ProperRDPJava a shot. We've been using this for our Mac clients, so it should support Linux as well. http://forums.juniper.net/jnet/board/message?board.id=SSL_VPN&message.id=2879&query.id=1474864#M2879 -John
... View more
06-17-2009
05:20:AM
Excellent, thank you for the explanation. I will be giving this a shot tonight. Once I see the proper tagging, I will need to help my client with AD as well! We tried adding a second domain controller via inter VLAN routing and it still failed. I'm no AD expert so wish me luck :o) Thanks again. -John
... View more
06-16-2009
05:59:AM
Hi, I'm not sure what the issue is with 6.4R1, but I would be curious to know what ESAP you're running and how you're using HC. Let me know. -John
... View more
06-16-2009
05:29:AM
Hi, The project went smooth and the VLAN tagging was applied without issue. However, the client through me a curveball when he requested we setup two AD Authentication servers. Typically this wouldn't be a problem, but he DC sits its own Domain and VLAN. DC1 (Internal Port - Native VLAN) works without a problem. However, DC2 authentication packets are sent untagged via the internal interface. I was hoping since there was a VLAN Interface configured with a connected route it would tag the auth frames. So I guess the SA can only tag using Roles? Do I have any options? Thank you. -John
... View more
06-15-2009
10:34:AM
Hello, I will be assisting a client with a VLAN Configuration. Outside of create the VLAN ports and assigning them to the roles, is there anything else I need to consider? The trunk connects to a EX-3200 switch and the VLAN's are already built out. Since my customer already has his internal port configured with an IP from one of the VLAN's, should we move it to the Management VLAN or does the internal IP need to be in the naitve VLAN? I went through the documentation and posts from the forum but it's still a little unlcear. Any feedback is welcome. Thank you. -John
... View more
06-10-2009
05:02:PM
Hi, OK, one thing to note is that idle time for Network Connect means no data is being routed and encrypted over the Virtual Adapter. Unless it's an extreme short window, it's difficult to have NC timeout due to inactivity (idle). I have a feeling if you connect, lock the workstation and enable Session Recording (Troubleshooting, User Sessions, and Session Recording, you will see in the Trace File that there is activity while it's locked. -John
... View more
06-10-2009
04:12:PM
Hi, There are a few options to consider, but they're at the Role Level. Edit your Network Connect Role, General, Session Options, and configure the "Idle Timeout", "Max Session Length", and "Reminder Time". I beleive this is where you want to make your changes and test. -John
... View more
06-08-2009
06:19:PM
Hi, Based on your #4 reponse, I would double check your DN settings and be sure your Server Catalog is being published before proceeding to Realm and Role mapping settings. Are your groups created at the root of your domain? I find that most times they're organized in their own OU. In the example below, they're in the "users" OU. Edit your LDAP/AD server: 1. Try adding "CN=users,DC=elab,DC=local" to the "Finding Group Membership DN (change/remove CN=users accordingly) 2. Filter = cn=<GROUPNAME> 3. Member attribute = member 4. Save changes 5. Open your server again and click the Server Catalog link. 6. Click the search button 7. Add filter, add seleced, then add the group 8. Once the group has been added to the Server Catalog, you should be able to proceed to Role Mapping in the Realm. Let me know how you make out. -John
... View more
06-08-2009
03:04:PM
Hi, How are you searching? I had issues when entering in the full DN. We search on the common group name and that works well. Try searching on "VLAN" to see if groups with VLAN are displayed. -John
... View more
06-03-2009
06:59:AM
Hello Guys, I figured our a way to accomplish this by creating a custom report in the NSM. Thanks for your assistance and suggestions. -John
... View more
06-03-2009
05:35:AM
Hello Guys, Thank you all for your posts and suggestions. I was hoping to leverage our NSM, especially since our SA's are under NSM management. Anyone? -John
... View more
06-02-2009
01:09:PM
Hello, Type "get ike cookie" (Phase 1) and "get sa" (Phase 2). Most people use "get sa". Check the Status column. "I"= incomplete,"A" = active. If you have VPN monitor configured, you will see either "D" = down or "U" = UP after the forward slash. For example, "A/U" = Active/UP. -John
... View more
06-02-2009
10:38:AM
Hello, I have a customer that wants to report on usage. Any recommendations on how we could track and report on this? At this point, I don't think session length is important. However, successful login, date, time, etc would be great. Thank you. John
... View more
06-01-2009
06:48:PM
Hello, The client apps will automatically upgrade to the new version. With regards to pre-installation, I'm not sure if these packages are availabe on the Juniper site. I've always downloaded them from the Admin UI (Maintenance, System, Installers). In theory, you could upgrade one box, download the installers and then rollback. However, I've always tested in a lab or during a maitenance window first, then proceeded accordingly. I hope this helps. -John
... View more
05-29-2009
05:22:PM
Hello, I typically tell my customers to check the release notes and new features before upgrading. I also advise them to stay away from vx.xr1's whenever possible (like the current 6.4r1). These have a history of causing the most headaches for people. However, in your case you guys are running old firmware and I would recommend 6.3r4. I think your approach is sound, but in my opinion you could still run into issues. I would schedule a maitenance window, upgrade, and test as much as possible. If needed, you could always rollback. I hope this helps. -John
... View more
05-28-2009
07:43:PM
Hi, OK, that appears to be the problem. Can you post the results from a "route print", ipconfig/all, and provide the desitnation network? There should be a route that points to 127.0.0.1 for the destination network. This will force it via the VA (Virtual Adapter). Also, what is the IP Pool you're using? I've come across issues when people use the same IP Pool as the local LAN of the client (i.e. 192.168.1.0/24). -John
... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy.
Pulse Secure has updated its Privacy Policy effective June 28, 2017.
