When my customer Joe comes to his office and uses his intranet desktop, he logs into Active Directory by typing "group\joe" in the username field of his Windows XP machine login window. But actually, "group" is an alias of the real FQDN "group.emea.mycorp". I am not a Windows expert, but somehow his XP operating system manages to append the DNS "emea.mycorp" string before sending user credentials to the AD domain controller for validation. Now that his company is deploying the SA6500 appliance, he wants to replicate the same experience when reaching the company from the Internet through the appliance. When prompted for the username by the Juniper SA, he wants to type "group\joe" and be validated by the AD controller. I found that if he types "group.emea.mycorp\joe", the SA appliance receives a successful answer from the AD controller, but if he types "group\joe", then the transaction fails. For the time being, his group is typing the entire FQDN to work this problem around, but they consider this annoying. ÀIs there a chance to tailor the SA configuration to ask the appliance to append a string the username before sending the userid to the AD controller? Thank you very much in advance Rogelio Alvez [email protected] Argentina ... View more

Hello team: I want to share a realm between Windows and Apple«s Mac users. In this realm I would like to execute host checker with this purpose: 1. Verify whether Windows users have their AV software up to date. If not, they will not be allowed to pass 2. Let Apple Mac users pass provided that they authenticate with success. Is this possible? I already implemented a Host Checker policy to carry out (1) but I do not know how to tell my SA2500 that I want authenticated Mac users to pass unchecked. Any hints will be greatly appreciated. Regards, Rogelio Alvez ... View more

Hello team: I wanto to build a scenario by which my SA grants limited network access to a user whose AV software is not up to date. For instance, to let him reach a protected subnet that hosts the corporate AV server so he is able to update the AV definition files and then be allowed to have full intranet access. À Would you please direct me to a page with such an example? Any hints will be greatly appreciated. ... View more

Hello team: My SSL concentrators are configured as an Active/Passive cluster. I turned on a sniffer to trace a session from the concentrator (the internal interface)  to internal web resources, and found that the Active concentrator innitiates sessions with its real IP instead of the internal VIP. ¿Is this normal behavior? I want to be sure, since I have to configure policies in the firewall located between the SSL concentrator and the internal resources. Your kind answers will be greatly appreciated. Best regards, Rogelio ... View more