- Pulse Secure Community
- :
- About bratfett_
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
since
10-29-2017
10-29-2017
bratfett_
Occasional Contributor
12
Posts
0
Kudos
0
Solutions
06-21-2010
06:53:AM
Hi, thanks for your reply. I like to configure Microsoft NAP Servers as IMV Servers to our Juniper SA. On the above link i found the following: http://www.juniper.net/us/en/products-services/security/uac/#modules My Question: Juniper UAC supports Microsoft NAP/SOH with an own Module. Can i configure Juniper VPN SSL SA 7.0 on an 4500 Cluster for comunication with an Microsoft NAP Server? regards
... View more
06-15-2010
04:12:PM
Hi, is it possible to integrate Microsoft`s NAP within Host Checker. Is HC able to understand and to handle SoH? Kind regards g
... View more
03-15-2010
11:32:AM
Hi, i have one very basic question. i want allow remote nc users access to an intranet webserver with the ip 10.2.2.2 on port 80. An ACL entry like -> tcp://10.2.2.2:80 should be the right way. Is this correct? I ask this because i got confussed after reading the chapter "Use Case: Network Connect Resource Policy Configuration" in the Secure Access Configuration Guide 6.5 on page 667. It seems that in this real world example they explain to use the address range of the nc client IPs in the ACL. Is this example from the admin guide maybe wrong? kind regards
... View more
03-15-2010
02:26:AM
hi, eventlog reports: application hang -> dsSamUI.exe can not run under windwos any longer. regards
... View more
03-14-2010
05:06:PM
hi zanyterphi! thanks for the answer - i allready tought that it had to be possible. >Where is the proxy sitting: between IVE and backend or between user and IVE? The former I do not believe is supported and may cause apparent freezes; Well, i struggle a little bit with my english right now. You mean, when the remote user connects to the ive and this connection went through a proxy -> it is not supported - right? In my case, the remote client has an direct connection to the ive (there is an proxy exception for the ive url in the internet explorer settings) 1)remote user connects via internet explorer the ive sign in page 2)wsam starts 3)now all the ie traffic should run through wsam and ive -> the ive has an acl for the company proxy and should work now as revertproxy and should transfer all IE requests to the company webproxy server >Does a TCP dump show connections from the IVE to the backend? you mean, is there direct traffic from the ive to the internet webserver which the user like to browse -right? i do not know because i got freezing and bluescreens before my wsam log shows: session timeout occured, shutting down -> lots of times the same line but this occurs allready after a couple of seconds after wsamstart today i got a blue screen again ->bad_boot_caller wos the message the notebooks works normaly without issues i got only bluescreens when i start wsam. any ideas? kind regards
... View more
03-12-2010
11:30:AM
Hi, first of all - thanks for your answers! the issue still occurs. good to know that it acctually should work, i have no glue why i am not able to get it run stable; is just tried it some minutes ago and still got an frozen wsam after some minutes. hmm, i realy have no idea, but thanks anyway. kind regards
... View more
03-11-2010
01:01:PM
hi, does anyone know if i can use iexplore.exe as an wsam application. the goal would be to control http/s traffic from remote clients via company proxy. i tried to implemet this scenario in an test environment, at the beginning it seems to work well, but in the end i had many times a " frozen" wsam -> only an reboot helped and at the time when blue screens occured on my client -> i gave up. my question now. supports juniper, iexplore.exe as an wsam application, or is my way just wrong and not doable. kind regards g
... View more
03-04-2010
03:18:PM
Hi, thanks for your answers. Do you use the shavlik stuff to check for correct patch versions. I ask, because i just have bad experience with the shavlik one and unprivileged user. Kind Regards
... View more
02-24-2010
01:11:AM
Hello, >that means you just put all the windowsupdate to all the client, before testing them? No, we deploy only tested patches. regards
... View more
02-23-2010
01:05:PM
Hi all, i have problems finding a proper way for patching our company notebooks during their vpn sessions. Our remote clients are all windows7 enterprise notebooks with underprivileged system accounts. Because of company policy only patched clients are allowed the full access role at the startpoint of an vpn session. . If the client becomes out of compliance because of an missing patch during an vpn session he remains in the "full access" role and has only to download the patches from company wsus. For internal lan connected workstation we use the update mechanism in the way that downloaded patches gets only installed during the shutdownprocess Because we do not want to interrupt users with an possible necessary and user unapproved reboot after an installed patch. For the remote connected clients we tought about an similar way. .) At the begin of each vpn session, HC on the role mapping level is checking for missing patches. .) If one is missing the client becomes mapped to a validation role. .) In this role wsam starts and runs a startscript on the client -> wuauclt.exe /detectnow . ,) Clients gets connected to wsus and download the missing patches. The problem at this point: The patches are only downloaded, but not installed -> an reboot would install the patches, but wuauclt gives no return value. this mean i can not detect the point when the patchdownload is finished to initiate an reboot -> which would start the install process. i know that some other tools exist which could download and install and even reboot the client but because wsam runs as an underprivileged system account i can not use them. if i set an global wsusrule to download and install patches, i run in the problem that mobile clients within the companylan could be restarted without user approval because an automatic installed patch update needs an reboot. Maybe someone of you guys solved an similar problem or just has an tip for me. Every help is realy welcome. Thanks in advance and kind regards. gerry
... View more
01-14-2010
11:41:AM
hi, i like to implement nc (ive 6.5r3) for windows 7 and vista clients, and do some research at the moment i found this note http://kb.pulsesecure.net/index?page=content&id=KB9678 &actp=LIST_POPULAR is this still a point in the newer ive version - propably yes! i am in the decission for wsam or nc -> i actually would need nc but to disable this microsoft security feature makes me not happy. kind regards
... View more
01-14-2010
06:38:AM
Hi everyone, we use Microsoft WSUS for patching Client OS. We do not deploy all MS Patches to our Clients, we only deploy intern approved Patches .. This means that the patch version information from the juniper staging site is not helpful, because it includes patches we would never deploy. To use it togehter with HC for our roadworriers, means to manually edit the item "scan for specific patches" at the IVE, each time we deploy new updates. I like to avoid these job and use WSUS patch version information somehow within the IVE, as own staging site - is this possible? Regards
... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy.
Pulse Secure has updated its Privacy Policy effective June 28, 2017.
