- Pulse Secure Community
- :
- About ralvez_
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
since
10-29-2017
10-29-2017
ralvez_
Occasional Contributor
10
Posts
0
Kudos
0
Solutions
02-13-2012
10:04:AM
Hi Suresh! It was you the person who answered :o) Thank you so much. Rogelio
... View more
02-13-2012
10:03:AM
Hi Suresh: A/P I was told that in this configuration both interfaces must belong to the same subnet. Thank you very much for your kind answer! regards, Rogelio
... View more
02-10-2012
06:35:PM
Hello team: ÀIs it possible to configure the management interfaces of the members of a SA cluster on different subnets? I know this is not possible with the internal or the external interfaces (both internal interfaces must belong to the same subnet, and both external interfaces must belong to the same subnet as well), but I am not sure whether I must follow this on the management interfaces. And the customer would like to have each management interface on different subnets. Your comments will be greatly appreciated Rogelio Alvez Argentina
... View more
01-25-2012
04:28:AM
When my customer Joe comes to his office and uses his intranet desktop, he logs into Active Directory by typing "group\joe" in the username field of his Windows XP machine login window. But actually, "group" is an alias of the real FQDN "group.emea.mycorp". I am not a Windows expert, but somehow his XP operating system manages to append the DNS "emea.mycorp" string before sending user credentials to the AD domain controller for validation. Now that his company is deploying the SA6500 appliance, he wants to replicate the same experience when reaching the company from the Internet through the appliance. When prompted for the username by the Juniper SA, he wants to type "group\joe" and be validated by the AD controller. I found that if he types "group.emea.mycorp\joe", the SA appliance receives a successful answer from the AD controller, but if he types "group\joe", then the transaction fails. For the time being, his group is typing the entire FQDN to work this problem around, but they consider this annoying. ÀIs there a chance to tailor the SA configuration to ask the appliance to append a string the username before sending the userid to the AD controller? Thank you very much in advance Rogelio Alvez ralvez@tiagora.com Argentina
... View more
11-04-2011
11:18:AM
Hello team: I want to share a realm between Windows and Apple«s Mac users. In this realm I would like to execute host checker with this purpose: 1. Verify whether Windows users have their AV software up to date. If not, they will not be allowed to pass 2. Let Apple Mac users pass provided that they authenticate with success. Is this possible? I already implemented a Host Checker policy to carry out (1) but I do not know how to tell my SA2500 that I want authenticated Mac users to pass unchecked. Any hints will be greatly appreciated. Regards, Rogelio Alvez
... View more
11-01-2011
04:44:PM
Thank you very much for your suggestion. I implemented it according to your idea and it worked OK. Best regards, Rogelio
... View more
10-27-2011
05:00:PM
Hello team: I wanto to build a scenario by which my SA grants limited network access to a user whose AV software is not up to date. For instance, to let him reach a protected subnet that hosts the corporate AV server so he is able to update the AV definition files and then be allowed to have full intranet access. À Would you please direct me to a page with such an example? Any hints will be greatly appreciated.
... View more
01-28-2011
06:26:PM
Hello team: My SSL concentrators are configured as an Active/Passive cluster. I turned on a sniffer to trace a session from the concentrator (the internal interface) to internal web resources, and found that the Active concentrator innitiates sessions with its real IP instead of the internal VIP. ¿Is this normal behavior? I want to be sure, since I have to configure policies in the firewall located between the SSL concentrator and the internal resources. Your kind answers will be greatly appreciated. Best regards, Rogelio
... View more
01-28-2011
06:18:PM
Hello Matts: Thank you very much for your answer. So in short there is no way to ask the SA to detect whether the machine is really a Mac if I do not enforce the checking of at least one variable (say it a port, a process or a file). I imagined so but I wanted to double check. Best regards Rogelio
... View more
01-28-2011
01:17:PM
Hi Suresh: Thank you very much for your kind answer. So if there is a firewall between the cluster and the backend resources, my security policies must take into account the IP addresses of both internal interfaces of the cluster devices. ¿Am I right? TIA, Rogelio
... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy.
Pulse Secure has updated its Privacy Policy effective June 28, 2017.
