- Pulse Secure Community
- :
- About VVJ_
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
since
10-29-2017
10-29-2017
VVJ_
Contributor
72
Posts
1
Kudos
7
Solutions
12-30-2013
08:41:PM
We are currently seeing an issue wherein all AV/FW checks fail the Host Checker policy on client machines. This issue has reportedly started since 00:00 hrs on 31 Dec 2013. Juniper is currently aware of this issue and our Engineering Teams are working on resolving the same at the earliest. This thread shall be updated with more details as soon as they are available.
... View more
05-01-2013
02:08:AM
Ple, Could you paste the actual assertion generated by your IDP and point out the specific attribute you would like the SA to use as the username here?
... View more
04-18-2013
03:00:AM
Hi Kalluga, Thank you for showing interest in the HTML5 features. There are no additional licenses from an SA perspective that you would need to have for this feature to work. This is at par with the current Rewrite Access mechanism in the SA. Unfortunately, there are no tutorial links that I can share at this point but shall let you know as soon as I have one. I am very sure the Juniper solution with HTML5 is pretty competitive too :-)
... View more
04-18-2013
02:53:AM
Hi Ate, Thank you so much for your detailed feedback and sorry that I missed your earlier post. Most of the mentioned options are really good to have. Below are a few of my thoughts - Please forward the error messages from the pulse client automatically to the user access log. That should be possible as long as there is a connection to the MAG. ==> We currently do print messages in the User Access logs for any SA side errors that come up during bringing up the tunnel. Examples are when there are no IPs configured/DHCP server not reachable, ACL counts exceeded etc. Other than this, we also log entries for sesssion timeouts on Pulse as well. The rest of the scenarios are mostly due to issues at the client side which the SA is not really aware of and hence is only printed in the Pulse client side logs. - Display in the header line somewhere the device name (hostname or anything self configurable) Because: when accessing the device over an ip address with nat, it's annoying to search always for the certificate and / or sign-in policy and check there if you are on the right device. ==> We currently print the member names on top in case you are logging into the Admin UI of a cluster. Are you looking for something similar for stand alone devices as well? The rest of the pointers provided have been forwarded to the relevant departments. You could follow up on the same with your Juniper Sales Teams.
... View more
04-15-2013
05:42:AM
We suggest that you go through the release notes for 7.4 to check for any known issues that may affect your environment before you perform the upgrade. As long as you dont see any there, I believe it should be ok to upgrade.
... View more
04-08-2013
02:53:AM
Junos Pulse Secure Access Service 7.4 provides support for HTML5 through Rewriter, with new elements, attributes, and APIs. HTML5 support in Pulse Secure Access Service 7.4 can scale to thousands of users, which remains on a par with the standard support for Rewriter sessions. HTML5 support for Pulse Secure Access Service 7.4 is supported in Microsoft Internet Explorer 10, the latest Mozilla Firefox Extended Support Release (ESR), Apple Safari running on Microsoft Windows 7 and Windows 8, Apple Mac OSX 10.7 and Mac OSX 10.8, Linux Ubuntu, Android 4.0 (Ice Cream Sandwich), and Apple iOS 5.x. Please feel free to post any queries you may have on this new feature.
... View more
03-25-2013
03:12:AM
Welcome to SA 7.4 Features at a Glance As part of our commitment to improving technical support, experts from Juniper Networks are here to assist you in understanding the features in SA 7.4. As a focused effort towards technical understanding, better support, and faster updates, we have started the J-Net threads linked below. Each thread explains the basics of an individual feature and is open for discussion. Please post your thoughts and queries for features you are using or would like to use. Our senior technical engineers will be answering your technical queries, and will try to resolve each of them. Please note that this forum is not suitable for sales-related queries or in-depth log analysis. We look forward to the dialog, and will answer all the technical queries we can; if there is anything we cannot cover in this forum, we will direct you to the appropriate team. Please refer the below links and use the thread most closely related to your query: Archiving options for debug logs and system snaps Support password options for User Admin FIPS in Software for MAG -SA and VA devices SNMPv3 Support in Pulse Secure Access Service 7.4 IPv6 support for Layer 3 VPN access method in Junos Pulse 4.0 and Pulse Secure Access Service 7.4 Support to machine certificate store for user authentication Pulse event system Support for NTPv4 Support for SAML Attribute Statements HTML5 support through Rewriter in 7.4 version of SA OS
... View more
03-25-2013
02:01:AM
Junos Pulse 4.0 and Pulse Secure Access Service 7.4 support the Simple Network Management Protocol version 3 (SNMPv3) standard, which provides a comprehensive authentication, authorization, and encryption mechanism, with support for extensions to the framework. Juniper has chosen to support SNMPv3 to overcome security limitations found in SNMPv2c. Let us know if there are any questions around this and we will be happy to answer them.
... View more
03-25-2013
02:00:AM
Junos Pulse 4.0 and Pulse Secure Access Service 7.4 have been enhanced so that today, end users are now able to access IPv6 resourcesÑalong with IPv4 resourcesÑfrom an IPv4 network, by simply using Junos Pulse to access Junos Pulse Secure Access Service 7.4. Let us know if there are any questions around this and we will be happy to answer them.
... View more
03-24-2013
09:33:PM
The Junos Pulse Secure Access Service (SSL VPN) 7.4 offers support for NTPv4 and can be configured for optional authentication for NTP traffic. This feature also allows for backward compatibility with NTPv3 servers as well. Please feel free to drop in any queries you may have on this feature here :-)
... View more
03-24-2013
09:28:PM
The Junos Pulse Secure Access Service (SSL VPN) 7.4 offers support for inclusion of Security Assertion Markup Language (SAML) basic attributes in profiles. This feature would enable the SA to send SAML Attirbute statements in the SAML Assertions when configured as an Identity Provider. The inclusion of SAML Attirbute statements would be benificial to SAML Service Providers (SPs) who perform Authorization based on the SAML Attributes. Please drop in any questions you may have on this exciting new feature. As always, we promise to do our best in getting them answered :-)
... View more
09-06-2012
09:26:PM
The "Sign-in SAML" option is available only from the 7.2 version of the SA OS onwards. It is not available in the 7.1 versions. Hope this helps.
... View more
05-02-2012
11:50:PM
Thank you for your update and glad to know that you are interested in the feature. We currently donot have a KB explaining a samlple config as we figured the details would be too much to fit into a KB. We are working on a "How To" doc explaining the various configuration knobs provided on the SA for this feature.
... View more
04-24-2012
11:44:PM
Yes this feature only works with subscription licenses. The Auto Leasing feature in 7.2 is more enhanced than it was in the 7.1 version. In the 7.2 version, we now have the capability for additional record-keeping to allow reconciliation of auto-leasing behavior on clients with actual available capacity on the license server In the 7.1 versions, the Auto leasing is automatically enabled when the license server has at least 30% of the unallocated maximum capacity of all clients available. This has been further enhanced in 7.2 wherein the Auto leasing is automatically enabled when the average available count over 24 hours for that feature is greater than 30% of the unallocated maximim capacity. Moreover, when a disconnected client re-establishes connection to the license server, information is passed to the license server to reconcile capacity allocations for the duration of the automated lease increments. With the above enhancements, we can better track the license requirements.
... View more
04-24-2012
05:45:AM
Ken, The custom variables can be created by using a predefined macro on a system variable. The macros available are REGMATCH Ð Matches a regular expression pattern against a string text. APPEND Ð Appends a text string to another text string. DAYSDIFF Ð Calculates the difference between two dates. So say you have the Radius Class attribute with the value set to "corpamericas", you could use the above macros to say append some text to the attribute value. For example, if we set the varible name to homepage and the Expression to APPEND(userattr.class, ".homepage.com"), the varible homepage would now have the value corpamericas.homepage.com. You could use this to create a bookmark in the user roles by setting the resource to http://<customVar.homepage> So basically, you can manipulate the existing system variables or user attributes using the macros to assign values to the custom variables.
... View more
04-22-2012
08:40:PM
If a centralized license server should ever become unavailable, any gateways or appliances that require expanded capacity (subscription licenses meeting required minimum reserves) need to be able to work without interruption. With Pulse Secure Access Service (SSL VPN) 7.2, licensing clients can now auto-lease and expand their capacity on their own (Trust), with reconciliation occurring once connectivity to the license server has been restored (Verify). This feature enables a single license server to serve global organizations of any size with built-in resiliency to withstand prolonged connectivity issues. Detailed event logs provide history and tracking of centralized license server connectivity issues. Please feel free to post any queries you may have on this new enhancement made to the existing License Server architecture. (Go back to SA 7.2 Features at a Glance - Discuss with Juniper Engineers)
... View more
04-22-2012
08:39:PM
1 Kudo
The Junos Pulse Secure Access Service (SSL VPN) 7.2 offers support for Security Assertion Markup Language (SAML) 2.0 that allows enterprises to easily and securely federate user identity with third-party Web applications, including cloud-based Software-as-a-Service (SaaS) applications. As Enterprises push more and more services once hosted in the internal network to the Cloud, it becomes all the more important to make sure that users are authenticated on these Service Providers as well. Using this feature, you can extend your existing SA solution to provide Authentication and Authorisation for such resources as well. Here, the users may directly access the Service Provider portal and transparently get redirected to the SA. The SA would perform the Authentication as per the policies configured and redirect the user to the Service Provider with a valid Assertion. Please drop in any questions you may have on this exciting new feature. As always, we promise to do our best in getting them answered :-) (Go back to SA 7.2 Features at a Glance - Discuss with Juniper Engineers)
... View more
02-19-2012
06:02:AM
As far as I know, the SA doesnot make any connections from the External interface. The External Interface only receives user connections and all connections made from the SA (to Auth servers, Web/Terminal Service resources etc) are initiated from the Internal interface of the SA. Below is an extract from the 7.1 Admin Guide explaining this. QUOTE The internal port, also known as the internal interface, handles all LAN requests to resources, listening for Web browsing, file browsing, authentication, and outbound mail requests The external port, also known as the external interface, handles all requests from users signed into the SA Series Appliance from outside the customer LAN, for example, from the Internet. Before sending a packet, the SA Series Appliance determines if the packet is associated with a TCP connection that was initiated by a user through the external interface. If that is the case, the SA Series Appliance sends the packet to the external interface. All other packets go to the internal interface. UNQUOTE Hope this helps :-)
... View more
02-19-2012
05:55:AM
I believe this doesnot really matter. The NC Server IP should ideally be a non routable IP on your network.
... View more
02-19-2012
05:53:AM
Are you seeing the same issue on Windows platforms as well? Do you see any errors in the User Access Logs on the SA? I hope you have already imported the cert into the Trusted Client CA list on the SA as well.
... View more
02-18-2012
05:31:AM
This could happen if the Users donot have the required credentials to access the file share. You may want to check the permissions for the end users on these shares.
... View more
02-18-2012
05:30:AM
Are there any other restrictions (like Host Checker, Cache Cleaner etc) applied on the Realm?
... View more
02-16-2012
08:01:AM
You may want to check through http://kb.pulsesecure.net/KB17794. This gives details on the types of Auto Configs (for proxies) that are supported by the SA components. Hope it helps.
... View more
02-14-2012
08:38:AM
I dont believe there is a documented upper limit to the number of static routes that can be added, However, a large number of routes may impact performance of the SA. When connecting to any internal resource (like Active Directory), the source IP is always the Internal Port IP of the SA.
... View more
02-10-2012
01:45:AM
As far as I know, these messages are not customisable from the Admin GUI of the SA. However, you could use the Custom Sign-in Pages and modify the messages there to achieve this. Hope this helps.
... View more
02-08-2012
08:15:AM
Could you check the User Access logs on the SA? It should give you more details on why the connection was disallowed.
... View more
02-08-2012
08:07:AM
The error indicates that the connection was denied from the SA end (probably some config issue). You could also try run a policy trace for those specific users. It should point out in case there is a config problem.
... View more
11-09-2011
07:49:AM
I dont believe such a parameter is available. The supported parameters for the HOB applet on the SA are documented in http://www.juniper.net/techpubs/software/ive/guides/supplemental/PremierJavaAppletParameters.pdf
... View more
11-09-2011
07:36:AM
Could you elaorate a bit here? Do you mean to say that the Pulse disconnects immediately after the login?
... View more
10-24-2011
06:34:AM
Do you find anything logged on the SA User Access logs for this failed Pulse session?
... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy.
Pulse Secure has updated its Privacy Policy effective June 28, 2017.
