About hulk_

hulk_ · ‎11-18-2010

Can the Host Checker determine if the iOS client is a MacBook vs and iPhone/iPad??? Pulse does not work on MacBooks to my knowledge. MH

hulk_ · ‎11-18-2010

Ihave come across this as well. If one uses the default "Users" url, as I suspect most do, defining multiple realms under that particular url, the Junos Pulse fails. If you create another URL, and add multiple realms to the url definition, then the Pulse client prompts the user for the Realm to log into. Even if you define the Realm, as you can with Windows mobile devices, pointing it at the default URL for USERS, causes the same issue, the client fails to connect. Synopsis: the default url "*/" is not recognized by the Pulse Client whereas "*/Mobile/" will be recognized. I have posted this before, as it was fairly early in the release code, I have not followed up with Juniper. MH

hulk_ · ‎09-21-2010

I believe I have narrowed down the multi-realm issue. If one uses the default "Users" url, as I suspect most do, defining multiple realms under that particular url, the Junos Pulse fails. If you create another URL, and add multiple realms to the url definition, then the Pulse client prompts the user for the Realm to log into. Even if you define the Realm, as you can with Windows mobile devices, pointing it at the default URL for users, causes the same issue, the client fails to connect. Synopsis: the url */ is not recognized by the Pulse Client. MH

hulk_ · ‎09-21-2010

The difficulty is the same for a mobile device as for a client machine, in that, multi-realms cause the application to produce an error message that does not truly reflect the problem. The error message points to a certificate problem with a corresponding "authentication could not be completed" in the application tray. this message would lead one to believe that A). their certificate for the appliance was a problem( eg. expired, corrupt etc.) which in fact, the certificate is OK. B). that , in our case we do not use personal certificates, that the site was now using personal certificates and the user or machine had an incorrect or no valid certificate. I have not reported this to JTAC at this time, as I believe that the application and documentation is still relatively new and needs to mature. Other users of this forum have posted similar findings/questions, and may have already posed the question to JTAC. Although the documentation infers a relatively quick setup process, the application may be doing exactly as the developers had intended it to do, therefore, it is simply a documentation adjustment. I am not currently planning a campus wide roll out at this time, so my intent is to wait and see what comes down the pipe in the next little while. One last thought...is that the Junos Pulse was created for mobile devices (as I understand it), to provide VPN remote-like access and the connection methods appear to be fragmented. Eg... ::>For mobile apple devices (i-touch, i-phone i-pad), the connection method is Net Connect. ::>For mobile windows devices (htc, windows mobile etc) the connection method is WSAM. ::>For Windows machines (XP, Vista, W7) the connection method is Net Connect . ::>For other OS's (MAC, Linux etc), not currently supported ( hopefully a maturity statement). My point is that, when looking at Windows devices for example, whether mobile or not, there are two different connection mechanisms which is (in my view) an administrative nightmare to setup, configure and manage. A single unified client connection mechanism (NetConnect preferrably, others may argue) is the best option for all who have to manage the users and their expectations. Thanks for listening MH

hulk_ · ‎09-14-2010

After the long awaited release of Junos Pulse and a SSL VPN version to support it (yes I did jump to ver 7.0), my i.apple device users are extremely happy to have "NetConnect" functionality from their devices. Painfully, which I find lacking in any documentation is the clarity of what is actually needed. After stumbling for a day or so, it appears that first...you can only have single REALM to a single SIGN-IN page/policy. It appears that Multiple realms causes a problem and an error message is displayed concluding that the authentication failed! (and it does not matter what device type...ipad, window mobile etc.) Although you can set the realm on a Windows Mobile device...it appears it ignore this setting. Additionally, my Windows mobile device users are still disgruntled that they still have to use the WSAM approach, which I find as an administrator rather cumbersome to create policies, application profiles etc, whereas, with the NetConnect approach, I assign an IP to the device and apply policy to the device from several points in the network. (NICE....) The next confusing piece is the Role definitions...especially when you have a mixed device spectrum in a single group or dept. As for the i.apple devices, no problem...just select the Junos Pulse under the NetConnect tab and presto...no -one is the wiser, however, to support the Windows devices, you also have to ensure that the WSAM is selected and of course users being who they are , will try and install/run the WSAM application (yes even after you train them and write documentation to the same effect). Also better ensure that policy and applications are defined as well. And finally running the Junos Pulse on anything other than a mobile device...well good luck. It would well be worth the effort to simplify the number of connection clients to a single unified client (preference given to a NetConnect like client ) for all devices and OS's. I think that Juniper made some headwind in the face of the i.device explosion. I can only hope that the direction for the Junos Pulse is to continue with replacing the WSAM like utility. MH

Re: Can i run NC and Pulse on the same role?

Re: Authentication Failed error from JunOS Pulse ...

Re: Junos Pulse (small step forward...painfully)

Re: Junos Pulse (small step forward...painfully)

Junos Pulse (small step forward...painfully)