Interesting. If your organization manages the client endpoints I think that this could be managed at the endpoint through whitelisting / blacklisting. Otherwise you may have some luck using Host Checker deny rules based on the ports, files or running process associated with Tor. Depending on how savvy your Tor users are, they may be able to circumvent these types of rules over time. I'd avoid relying on the user agent strings as these are pretty easy to change and fake. Honestly, I think that this should be part your information security team's responsibility and that they should figure out how to block Tor at the Firewall layer (assuming you have firewalls between your SA/MAG and the Internet). Maybe they could add the addresses of known Tor exit nodes to their Bogons lists or a an explicit deny list. ... View more

It gets stranger. I changed the role/VPN tunneling config to use Default/Default for JP Config/Conn Set (VPN tunneling option still unchecked in role) and it works just fine and creates the right URL. I duplicate the exact JP Config/Conn Set with custom name and same URL ect. and it fails. ... View more

Yes, we are concerned about key loggers. So, while users do technically have a password in AD, we only are allowing remote users to access with RSA token. However, even with Kerberos SSO, it still asks for the user's password.   Bottom line is, we do not want users putting in their password on an unmanaged machine. ... View more

Hi, 3.0r3 is available for download on our support site now http://www.juniper.net/support/products/pulse/3.0/#sw Regards, Jay ... View more

I have similar issue with rewriting of urls within flash file. Do I need to configure Juniper specifically to allow urls within my flash file to get rewritten? ... View more

Never figured out why it was happening. However, it is now fixed. I have another vpn that i use to test before an OS upgrade and I logged into that one and it installed the latest version. Later I went back to the Prod vpn and it worked. Weird. Almost like something got corrupted somewhere (although I tried reinstalling the same version too) ... View more

We're likely going to need to get HC logs, so at this point I would recommend opening up a case with JTAC and we will have someone jump on this and get to debugging it. It sounds like some kind of memory leak and likely it is not due to the OS but more likely some other application. Do you know if there is any anti-spyware or AV app running on the same PC? Has anyone tried disabling that for those few days to see if HC still goes up to 100%? Is it reproducible on a stand-alone PC in your lab (say one with basic apps and nobody using it)? This would help us narrow down what is going on. Another thought could be corrupt policy information from the SA but likely that would affect all systems not just a few. ... View more

Sorry about that; I missed that it was in production or else I wouldn't have asked about the testing. Glad to hear that the JTAC case is open for further investigation; has JTAC been able to confirm the same test results that 6.5R2 works and 6.5R3 fails? ... View more

@deaconz wrote: No significant latency to speak of because of the agent. Its just with Network Connect that ALL traffic comes to a standstill. We are working a case with Websense right now. Back on topic... I'm wondering if there's something misconfigured with your Network Connect policies... something that doesn't cause an issue unless Websense RF is involved. Just sounds to me like the Remote Filtering agent is trying to query the remote filtering server and timing out. What kind of access are you giving the computer through NC? Can it talk to the Websense Remote Filtering server / Filtering Service on the ports it needs? I forget exactly how Remote Filtering works (we never implemented it due to cost since it only protects your laptops during the time that they aren't on your internal network or VPN) but I believe it's supposed to shut off when it figures out it's on your network and will be filtered by your Websense Filtering Service, right? ... View more

Weird. I have an old SA-3000 which is running 6.0R11 since it can't go past 6.0x. The public folders in exchange work fine in that one. They also display fine in our corporate office's SA-4000 with 6.5R1. It worked before I upgraded also. Its very strange, its almost like it just can't read the data from exchange. ... View more

We may be interested in purchasing your SA3000 for a repair/replacement of an existing unit. Please advise if the unit is still available. Regards, Travis / Sonar Electronics 801.649.3835 ... View more

So I have the custom page pop up, but its this ugly yellow and I can only edit part of the message in html. Is there a way to edit or make a whole different page than the one it gives you? ... View more

@moreilly wrote: Hi Wayne, I«m not 100% sure, but I think you get the new credentials to the client pc only, if this pc logs-in to the Domain, otherwise the client still uses the cached credentials. Greetings Moreilly If you use Network Connect it will update them after the user is logged in.You can use the lock/unlock method like MrKool said. For some reason though SAM doesn't like it. ... View more

try using the fqdn and set rewriting to no rewriting (use wsam), this however will disable the SSO feature, also make sure your browser security settings on not high. Power On http://vology.com ... View more