- Pulse Secure Community
- :
- About vbroadwater_
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
since
10-29-2017
10-29-2017
vbroadwater_
Contributor
24
Posts
0
Kudos
1
Solution
12-20-2010
04:51:AM
Unless I'm reading something wrong, the release notes for 1.6.6 only mentions AVG Free 10.x, but not 11.x. I'm also getting asked alot about support for version 11, so this would be good to know.
... View more
11-22-2010
11:09:AM
Just got 4.2 for my iPad and I still don't see the Pulse client in the App Store.
... View more
09-01-2010
06:06:AM
Just a quick question before calling JTAC - Does anyone know if a future ESAP release will provide support for Webroot 7.x? We're currently on 1.6.3 and we only have support for version 6.x right now. Thanks!
... View more
01-29-2010
09:50:AM
It's hard to say what's going on with this thing... One of my users said earlier this week that they were able to use Avira again, and nothing was done on our end to change things. Today it's back to not working again.
... View more
01-27-2010
08:19:AM
Yep, see this thread - https://forums.pulsesecure.net/topic/pulse-connect-secure/31597-avira-9x-failing-host-checker Apparently it's a known issue due to something on Avira's end? Unfortunately we don't know when it will get fixed. In the mean time, I've been advising our help desk to suggest that those users use AVG at least for the time being.
... View more
12-14-2009
01:02:PM
Thank you very much for the details! Now I have something to pass on to the help desk in case anyone else calls in with a similar complaint. Will the Juniper update be in a new ESAP release, or in the signature files that the device downloads on a regular basis?
... View more
12-14-2009
09:45:AM
I'm having the oddest issue with Host Checker lately. User with Avira Free 9.x have been failing Host Checker even though their client softare is being kept up to date. I got the first complaints about 2 weeks ago. I installed ESAP 1.5.5 and that fixed it for about a day. Now those users are failing HC again and we have no idea why. This seems to be the only A/V vendor that users are having issues with right now. Anyone else see this sort of behavior lately? Thoughts?
... View more
11-12-2009
01:11:PM
I just opened a case on this, but I wanted to know if you guys had any insight on this issue. We are having a problem with users that haven't yet logged into a new PC that they are using for the VPN. They enter their window credentials, then they receive the following error - "HostChecker is not installed for current user. Please login without using Juniper GINA and install HostChecker through web browser. (nc.windows.gina.24313)" Since some of these users are remote with new PCs, they don't yet have a Windows profile for HostChecker to be installed under. KB article KB11589 appears to hit on the issue, but with no real solution as the end result to these remote users is that they can't even log into Windows to be able to log into the VPN and have HostChecker install. Is there something we can do either on the VPN or the client side to install HostChecker for "All Users" that may not even have a Windows profile yet? We currently have HostChecker running at the realm level before a user is prompted for their credentials. We've tossed around moving that requirement down to the role level, but I don't want to re-arrange everything if there's another option. Thanks!!
... View more
07-07-2009
12:44:PM
Were you able to confirm if your sticky setting change fixed the problem? Here's how we currently have the load balancing config set up. Any thoughts on what may be wrong here would be greatly appreciated! :) content http://vpn.blahblah.com vip address 1.1.1.1 add service SSLVPN1_2.1 add service SSLVPN2_2.2 advanced-balance sticky-srcip port 80 protocol tcp active content https://vpn.blahblah.com vip address 1.1.1.1 port 443 protocol tcp add service SSLVPN1_2.1_SSL add service SSLVPN2_2.2_SSL advanced-balance sticky-srcip active content vpn.blahblah.com_UDP4500 vip address 1.1.1.1 add service SSLVPN1_2.1_UDP4500 add service SSLVPN2_2.2_UDP4500 port 4500 protocol udp advanced-balance sticky-srcip-dstport balance srcip sticky-mask 255.255.255.0 active And the service configs are a real basic: service SSLVPNx_x.x ip address 1.1.2.1 protocol tcp port 80 keepalive type tcp keepalive port 80 active or service SSLVPNx_x.x_SSL ip address 1.1.2.1 protocol tcp port 443 keepalive type ssl keepalive port 443 active or service SSLVPNx_x.x_UDP4500 ip address 1.1.2.1 protocol udp port 4500 active
... View more
06-03-2009
05:12:AM
Nope, no resolution yet. It's interesting though that you're having the same issue with a different load balancer. Surely there's someone out there with active/active setup that works as it should, right? :)
... View more
03-10-2009
08:33:AM
Good morning, experts! :) I've got a weird one today and I don't know if it's on the SSL VPN side or the load balancer side. Basically, we've got a pair of SA4000s in Active/Active mode being load balanced by a Cisco CSS. For users using Network Connect, ESP mode has never worked and it's always fallen back to SSL. I finally started looking into it recently. I've got content rules on the load balancer for tcp 443 and tcp 80 (in case a user forgets to use https), and one for udp 4500. For the tcp rules, everything works as it should, no problem. Traffic coming back from the IVEs is sourced as the load balanced VIP as it should. But then it gets weird. For the udp rule, it seems to direct traffic traffic to one of the devices just fine, however the return traffic is sourced from the device itself instead of the VIP. This breaks any attempt to use ESP since the end user workstation is trying to talk to 1.1.1.2 and is hearing back from 1.1.2.2 instead. This ONLY happens for the udp traffic... Anything I might have missed? Maybe even a setting on the IVEs themselves? Thanks!
... View more
02-27-2009
10:17:AM
I was afraid of that... Any idea what could be holding it up? Googling the error message comes up with allll sorts of possibilities. And some of them make great sense, but I can't explain why he doesn't have this issues with the Cisco. Very odd....
... View more
02-27-2009
06:35:AM
Is there some sort of file transfer size limit in Network Connect that I'm not aware of? I have a user that's been having trouble uploading a file to a server on our network while he's connected with Network Connect. It's not even a very big file, either. Just 26MB. It's not a permissions issue - the copy definitely starts, because part of it ends up on the server, but it errors out with a 'Copy Error - file path too deep' message. When he went to the Cisco VPN we're trying to move away from, he had no issues. We're running an Active/Active pair of SA4000s with 6.3R2 and the Bandwitdh Management settings are both 0. Lately I've been getting more out of this forum than I have with jtac for this particular product. So, thanks in advance!!
... View more
02-17-2009
06:08:AM
Just a quick update - The problem did appear to be related to 6.2R3-1 somehow. We upgraded to 6.3R2 last week and all has been fine. Then this morning I saw in the logs that it couldn't import the signature file because "Invalid signature - parse error". This is how it USED to act before 6.2R3-1. So yaay for some validation! :)
... View more
02-11-2009
04:27:AM
Thank you!!! I tried checking out the release notes but didn't see anything. Guess I'll have to go check again and look closer this time. :) I'm still waiting to hear back from JTAC. They wanted to review the logs, but I'm not sure what they'll find. I was considering upgrading to 6.3 R3 anyway. Looks like I may be going ahead with that after all. Thanks again!
... View more
02-10-2009
05:38:AM
Hi, everyone. We've had this off and on issue for a little over a month now and I wonder if anyone else has seen this. Basically it seems that the auto download/install of new virus signature is sometimes installing bad or corrupt information and then everyone trying to gain access is denied by Host Checker until we force a new download. We're currently running 6.2 R3-1 with ESAP 1.4.5. A little background: Before this current version, we ran 6.0R3.1. At the time it seemed to do some sort of checksum on the signature file it downloaded as we'd sometimes see errors in the log that it had a problem and it wouldn't install the file. Did they get rid of the checksum with 6.2? Also, with ESAP 1.4.2, when it would install a bad file, it seemed to stop the auto download process and someone would have to force it to download the file in order to get it going again. Luckily that doesn't seem to be the case with 1.4.5 though.
... View more
02-06-2009
06:11:AM
You know... You just might be onto something here. Especailly since some of the people that have reported this issue said that these RDP drops happened at very regular intervals. I think in addition to the OS and browser info I've been trying to gather, I need to ask about firewall clients as well. What OS are you running in your environment?
... View more
02-05-2009
08:55:AM
Oh and if it helps, we're running two SA4000s in active-active mode.
... View more
02-04-2009
10:56:AM
Hey, everyone. I'm still waiting on any info back from JTAC, but I'm curious if anyone else has experienced this issue. I've been having some random users reporting that they're getting their RDP sessions dropped and/or reset, sometimes at regular intervals. But it's not happening to everyone. I'm waiting on those affected to get back to me with some specific information so I can possibly find some sort of pattern. We've been running 6.2 R3-1 since about mid november. ESAP package was updated to 1.4.4 mid January, for what it's worth. Users are using Network Connect and using their native RDP client to connect to whatever. Best I can tell from the complains, this issue of dropped RDP sessions is fairly new. Any ideas? Thanks!!
... View more
01-30-2009
07:07:AM
Absolutely agree about the policy tracing. It really helped me out a TON when I was first setting up this device last year. Unfortuantely for this issue, I never know when (or who) someone is going to try to log in on order to set up the trace, plus they're overseas so we have a time difference issue going on as well. But all's good now. Thanks again! :)
... View more
01-30-2009
07:00:AM
Looks like that did it! Clearly I'm not too good with expressions. :) Thanks for the help!!!
... View more
01-30-2009
06:31:AM
Brilliant! I was definitely thinking too complex... But while that should work, it doesn't appear to be working correctly. My main goal is to have everyone get this 'catch all' role except for users that match to a particular 'web only' type of access role because I don't want them to get Network Connect. So I created two new expressions to negate the ones that match to those users. The expressions look like this: ntdomain != "domain1" ntdomain != "domain2" But when I made adjustments to it this morning and refreshed the roles for the realm, everyone was assgined this 'catch all' role, including the ones that I don't want to get it. Or should I be waiting for someone to re-login to see how the new role mapping actually plays out?
... View more
01-29-2009
09:46:AM
Hi. I'm currently doing a modified version of mapping roles by group membership by using a custom LDAP expression instead. This limits what the SSL VPN is looking for and basically takes it easy(ier?) on the AD server (and its admins!). Everything works great so far, but now I want to set up an 'everyone else' role for users that authenticate to the AD, yet don't match one of the specific roles. The Custom Expression match doesn't have a "not" option like the username match does. Any suggestions on how I can go about this? Thanks!
... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy.
Pulse Secure has updated its Privacy Policy effective June 28, 2017.
