- Pulse Secure Community
- :
- About Kalex_
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
since
10-29-2017
10-29-2017
Kalex_
Contributor
68
Posts
0
Kudos
2
Solutions
08-06-2010
02:01:AM
Agreed, that would be just the thing you would want in a DTE. OK, now I'm selfish too!
... View more
08-05-2010
01:13:AM
Be aware that Muttbarker's URL points to the DTE, Demo and Training Edition. This appliance is fixed 2 user, and so cannot be licensed for anything more. There's also the SPE - Service Provider Edition - VA that can be downloaded, and also cannot be clustered. By the way, you should ask yourself why you would want to cluster a VA: almost all of clustering functionality can be obtained by using push config and/or the underlying hypervisor's VM move facilities (in this specific case VMotion). I really don't expect clustering to be incorporated in the VA editions, unless customers really really really want demand it. Best regards, Alex
... View more
08-03-2010
05:02:AM
Please make sure the target host (VDI server, VM) is allowed in the policy or profile. The easiest way it to auto-allow policy targets in a profile. Best of luck! Alex
... View more
08-03-2010
04:55:AM
Hi Knobbynoo, it's already available in IVE OS6.4 - I think it was R2 - and up. If you use 7.x (recommended, imho) it certainly is, and works rather well. Best regards, Alex
... View more
07-30-2010
02:22:AM
Another way, although a little more creative (no guarantuees) I had to use was the following: - create an NC connection policy for each location, like LOCATION_NC_CPROFILE - create a role like LOCATION_NC_USER - now assign the role to everyone that logs on to a specific SA with a custom expression Example: For a user that connects in Paris, France: - User is mapped to role FR-PARIS_NC-USER by MApping rule with custom expression 'Loginhost=192.168.1..1' - FR-PARIS_NC-USER is assigned the FR-PARIS_NC-CPROFILE with 192.168.10.0/24 network and all other options, like location-specific proxy, DNS etc etc. Good luck!
... View more
07-09-2010
01:54:AM
BTW, you can use Pulse as a generic VPN client not only for your IVE, but also for your SSG series devices.
... View more
07-09-2010
01:51:AM
I've replaced NC on my user role with Pulse, and I'm rather happy with it. One thing I particularly didn't like about NC (and WSAM) is that they crashed my Win7 system when going to standby or hibernate. Whether that was a problem local to my notebook, I still don't know - but Pulse works rather well and doesn't crash my Win7. What I don't like though, is that Pulse auto-starts after installation and repeatedly tries to connect to the SA. Quite annoying, actually - most of all because there's no clear setting to disable this behaviour. Aside from that: I'd recommend Pulse anytime.
... View more
06-29-2010
04:46:AM
Well, with current settings it's not possible indeed. But, if you have administrative control over GPOs forcing proxy settings in IE, you could fix the problem like this: 1 enforce Auto proxy and put either a DNS or DHCP entry that points to the PAC URL in the office LANs; 2 Remove any direct access between users and internet in the office (of course); 3 Add a proxy in the NC Connection Profile you want to use, quite possibly the very same as in step 1 Now, all mobile users will use Auto detected proxy settings. At home, there's probably no wpad.office.lan DNS entry, nor a DHCP server supplying such a url, so: OK. If there is: no conflict, OK^2. If they _are_ at the office, there's no internet connection availbe: OK once more. Autodetect supplies them with wpad.office.lan, and that's fine too. Now they try to connect to NC on the SA: as mentioned before, this works fine. And now, by their assigned role's profile the are assigned a proxy too. By enforcing all internet-targeted traffic through the tunnel, combined with the proxy, you should theoretically have solved your problem and even better: your road warriors can use IE on the road as well.
... View more
06-29-2010
12:33:AM
Indeed, I just had a chance to investigate this, and you cannot set an exception when using a PAC. Hm. Me dumb, go eat puter. And using another browser just to connect to the SA and start IE afterwards, would that help you out while we start digging again?
... View more
06-28-2010
08:56:AM
Ah, that's not what I thought indeed. Setting an exception for the NC access URL doesn't help?
... View more
06-28-2010
07:55:AM
Well, it should be possible: - create 2 roles, with role restriction on source IP - create 2 NC profiles, 1 with and the other without proxy setting - assign the role on office LAN restriction with proxied NC profile - assign the other LAN restriction (preferably 'any, not equals office LAN') to the no-proxy profile and away you go. Haven't tried this yet but should work.
... View more
06-14-2010
02:30:AM
Hi SK, you are on the right forum - the first post didn't mention anything juniper IVErelated at all, and I'm a rather simple guy Is the number sent to the DHCP server always different? I'm thinking it could be the initial hostname of the IVE - with DHCP, a client can send it's hostname along with the DHCP request, although I don't think that's the issue here. Is it possible to capture some packets and attach them to this thread (preferably wireshark / tcpdump captures)?
... View more
06-11-2010
08:32:AM
Hm. Is the client trying to renew an IPv6 address? Oh, and you've probably poste4 in the wrong forum
... View more
05-23-2010
01:29:PM
Hi Mazhar, how did it work out? Does the anon realm work? Thanks!
... View more
05-21-2010
11:19:PM
There is a possibility that I never tested: Connect the SA to the outside world. Put the original 443 on a separate realm located at / on the SA, and use aonymous auth. Add the SA login under /login and use your preffered auth method. Theoretically, this should solve your problem. Please test! Good luck.
... View more
05-21-2010
11:15:PM
Hi Mazhar, the idea is to open 2 ports outside, each one pointing to another internal device: 1.1.1.1:443 -> 192.168.1.1:443 1.1.1.1:9443->192.168.1.2;443 Although this may be unpractical. What is the other 443 device? Apache webserver?
... View more
05-21-2010
06:09:AM
Hi player, I'm quite unfamiliar with Nortel's SSLVPN so could you tell me more on what exactly it is that you need? Thanks!
... View more
05-21-2010
05:59:AM
There's one thing I'd like to know: do any other apps that include DLL files install fine? More specifically, do other network-integrated apps install and run without any problems? I know there are tools and hardware PCI cards that revert any installation to its original state after e.g. reboot. Do you use any of these?
... View more
05-21-2010
05:48:AM
Maybe it is... I just don't know.. What is the common factor here? (Aside from all those users running Windows, of course) - Are they all on e.g WinVista x64? - are they all running antivirus brandX? - are they all admins on their system? - are they all in 1 specific AD group? - do they have a common role?
... View more
05-21-2010
02:40:AM
Are you comfortable fiddling with Windows NTFS ACLs? You could try auditing the folder and content, easily distributed with GPO. Although the overhead will probably be rather hefty....
... View more
05-21-2010
02:38:AM
Hmmm... do these files disappear after connecting with the SA? They probably disappear at unknown moments and that only gets noticed when connecting, so this is probably quite a stupid question...
... View more
05-21-2010
02:27:AM
Hi -red-, I've been discussing this with a colleague who has some experience with the 6xxx series and apparently, the number of profiles shouldn't be that much of a problem - not even for the admin interface. Do you have any results from JTAC? I'm rather curious
... View more
05-21-2010
02:21:AM
Hi Fredrik, this sounds like problematic updates for the NC client components. Probably best to deinstall the NC client, reconnect to the SA and have the client installed a second time. Good luck!
... View more
05-20-2010
01:52:AM
Hi Littlezip, I don't think you can exchange the disks; first of all, as the 6000 series is older than the 6500 series, chances are that there is a different vendor, different type, or even different connectors (IDE/PATA, resp. SATA). Then again, I really don't know. So try it if possible, and let us know!
... View more
05-20-2010
01:47:AM
Also note that you may be confronted with a firewall (either running on the VPN client or between the 2 nets), or that you did not yet enable RDP functionality on the VPN client.
... View more
05-19-2010
06:33:AM
Hi Eagle, my pleasure! I wonder: did you try forcing (o)NCP on these users? If so, did it make any difference? And are all of them running the same OS? Same build, same x86-32 or x86-64? You might as well look at the drivers for the network card, maybe all these users are running a specific build that has power handling issues - so, the power component drivers may work fine, but the nic drivers aren't. Best of luck!
... View more
05-18-2010
03:00:AM
Hi Eagle107, I've not encountered this specific problem, but my Win7 (x86-32) system often crashes rather hard when waking up from standby/hibernation. It looks like it's depending on where I've started (HW button or system menu) this mode but I haven't researched this yet. As a workaround, I quit the client (both WSAM and NC have this problem) before putting the system to sleep. What OS are your clients running? What you might try is forcing one of the two available modes for NC: - ESP (=IPSEC) - or NCP/oNCP (=SSL) for the clients, maybe the problem exists with only one of them. These settings can be found in the NC connection profile. Also, when you use NCP/oNCP for transport, you might try forcing NCP if you are still experiencing problems. By the way: you really should contact JTAC on this as well (as should I )
... View more
05-18-2010
01:47:AM
BTW, you may find this post helpful: https://forums.pulsesecure.net/topic/pulse-connect-secure/40314-64r3-to-65r4-upgrade
... View more
05-18-2010
01:34:AM
Well, there is not much info on upgrading in the Admin or Quickstart Guide (probably because it's rather straightforward), if you want to run 6.5Rx you should check the admin guide p. 704. Aside from that, I don't know. Maybe there's more in the knowledge base? And check this forum, of course EDIT: In the KB, there's indeed an article referring to upgrades: http://kb.pulsesecure.net/KB10166 But it's limited to IVE OS 6.0 at most and doesn't contain the info you are looking for. I think it's best to contact JTAC then, before upgrading, and also to enter an RFE. Best of luck!
... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy.
Pulse Secure has updated its Privacy Policy effective June 28, 2017.
