Wrong forum. While this one is poorly named, its for the SA Appliance runing the IVE operating system. You need the firewall / ScreenOS forum for your question ... View more

Are you serious? The default role takes precedence over the configured role settings? Is this true? ... View more

I have found you need to enable session IP roaming with air cards. If you don't allow this in the Role session settings, the connection will drop if the IP changes. FWIW. -=Dan=- ... View more

I have an open case on problem signatures on the AV signature file downloads. I asked him to give me JTACs recommendations on what "modern" release that is most "stable" for the SA-4000 box. Will tell you what he says. -=Dan=- ... View more

Good Suggestions. The SA box has an option of having applets be removed after logout. I, too, have had issues with users successfully downloading the upgraded Network Connnect without problems. My thought was to turn on having applet removed on logout a week before upgrade so the majority of machines would NOT have the Host Check or Network Connect clients loaded and would get a "clean" install. Anyone try this? Or would this just create more problems and support calls? I agree that being able to "phase in" Network Connect upgrades would be very helpful. What, exactly, is the issue with upgrades and Host Checker? TIA -=Dan=- ... View more

I believe 6.1.x is the minimum version for a SA-x500 version. Yes, you can XML export sections of your config. I would do one section at a time. Do the export in both the old one and new one. compare the files and add missing data. Very manual, but the newer versions have different XML tags and such. I would use a tool like WinMerge to help with diff's. As another thought, it is VERY hard to downgrade versions unless you have backed up both the system and user configs. ALWAYS do this first so you have something to roll back on. -=Dan=- ... View more

I've had this working for some time. Assumes AD & Login Scripts. \\AD.Domain\NETLOGON\loginscript.bat eg. \\na.vul.com\NETLOGON\co.bat I've only got .bat files to work reliably. you CAN'T use and LDAP attribute for the login script name (even though it's in the user's LDAP attribute list. That's an enhancement I wish would go on a wish list) -=Dan=- ... View more

There's a little more to it than that... Without a Secure Meeting license, you only are allowed two concurrent users. Under System/Configuration there a tab for Secure Meeting. Here you setup Email notifications. Enter an SMTP server and and SMTP Email address. If you don't have a Secure Meeting license, you don't get the extra Meeting tab under Auth Servers. Without this, you can't setup the LDAP user lookup for sending meeting requests. Since the two person deal is intended for support, you probably don't care. If you have the Meetings tab: For Active Directory: Username: samaccountname Email Address: mail Display Name, Attributes: Name,displayName Location,department (these are optional) Note: There's a bug in the early 6.2 releases that broke the Email Address lookup feature. This is now fixed in newer releases. Finally, to help users join a meeting, you can add a web bookmark for meetings: Make the url https://<loginHost/meeting/ You can also create a web bookmark to create a meeting with the URL https://<loginhost>/dana/meeting/meeting_daily.cgi -=Dan=- ... View more

I'd sure like to get Firefox 3 support. Also have a broken Peoplesoft on Mac Safari, but who knows if a new rewriter will fix that... ... View more

1. You want to use LDAP unless you are dealing with multiple domains. As long as it's only OUs, no problem. 2. Only two things you need to do in production is add a SSL certificate to your domain controller you will use for LDAP since changing passwords requires ldaps. Every DC is a LDAP server, but you only really need to pick one and one more for redundancy. You also need a LDAP "Bind" user that has the right to update passwords. 3. Start your LDAP search base at the uppermost OU (domain OU) as other described. It's counter-intuitive, but AD authentication is very limiting. The only benefits are allowing specifying of domains and automatic group use. LDAP allows you to use user attributes for drive mappings, and much better password management. The only down side is having to populate your catalog with the groups you are going to be using. At first I tried AD authentication with LDAP authorization, but this doesn't help you with the password issues. Bottom line: Use LDAP ============================= Finding user entries Base DN: dc=domain,dc=company,dc=com Filter: samaccountname=<USER> Determining group membership Base DN: dc=domain,dc=company,dc=com Filter: cn=<GROUPNAME> Member Attribute: member "Uncheck" Reverse group search Query Attribute: Nested Group Level: 3 ?Note: never specify more than 5 per JTAC? Nested Group Search: "Check" Search all nested groups ... View more

Are you running against Web Interface 4.6, and which IVE version are you using. ... View more

Not that I know of. This feature is a little funky. Also, the browser tag of NC acts weird as well, so we've had issues logging in with a realm with browser restictions. ... View more

Our SE talked about the bookmarking published Citrix Apps and getting the application icons. Wondering what the status on this feature set. ... View more

I think it's actually hostchecker that's hanging firefox 3 ... View more

Does it fix the issue that Firefox 3.0 hangs after login at.. https://sa4000.domain.com/dana/home/starter0.cgi?check=yes ... View more

My SE got me the link for the private release of 6.2r2. I'd highly suggest working with this release and not 6.2r1. ... View more

I have a pair of 4000's and a 4500 in production. I have a 2000 in the lab with a lab license. The config installs just fine on the 2000. ... View more