Short answer: rewrite allows browser-only remote access to the web server; not rewriting requires a client to access the web server. Neither is more or less secure Long answer: Rewriting, standard/traditional or pass-through proxy, acts as a proxy for the user: the end user browser only sees the IVE & the internal server only sees the IVE. Disabling rewriting means there is a form of direct access: in the form of a SAM or VPN connection. The former is L7 connection in which you define applications/servers that are allowed to be accessed and is client-initiated only; the latter is a traditional L3 connection in which the remote user is a node on the network. ... View more

Thanks for chiming in.   Took a bit, but finally realized that my problem wasnt the policy, but rather the test machine I was using. I completely overlooked the fact that it had 2 AV products loaded (and apparently active.)  So, the rule as written  was actually correct.    Now I have to figure our why there is almost a 1 minute delay between the time the user enters the credentials and when the role mapping actually takes place. Policy trace shows the gap, but nothing in terms of an explanation as to why. ... View more

Hello Red,   Thank you for the feedback.  I can help discuss this internally, but we wanted to get the information out as quickly as possible.  If there is any other concerns we can address, please feel free to reach out to [email protected] or you can PM me and I can forward your information accordingly. ... View more

Not sure how you are completing the login through the Network Connect application as it expects to make a VPN tunnel; however, it is theoretically possible to work. what is the behavior you see when you connect through the browser on these failing machines? ... View more

i'm sorry i had bad news to bear.   which feedback are you referring to...that it has limitations? it would be interesting to hear if microsoft has feedback on how to check this information. ... View more

Hi -red-, I've been discussing this with a colleague who has some experience with the 6xxx series and apparently, the number of profiles shouldn't be that much of a problem - not even for the admin interface. Do you have any results from JTAC? I'm rather curious ... View more

Unfortunately, the bulk of the users are connecting via the workstations which we don't control. Our biggest challenge is the desire to address all of this with no additional user interaction. Even if we had offered up an app for the users to manually execute, I suspect only half the users would actually do so. ... View more

I have experienced similiar issues when I upgraded our SA6000 active/passive cluster to 6.0R5. I found that by disabling the Replay Protection option in the Network Connect Connection Profile that I was able to connect and stay connected with ESP. I currently have a case open with Juniper but no progress yet. ... View more

Thanks, joepope. It really works with your label parameters on my OWA 2007. I just need to change the destination to /owa/ It saves a lot of time researching. ... View more

Hi there, Yes, this issue is resolved in 6.0R4 that was just recently released, but not in the web site yet. If you have a case, then it should had been noted there. Let me know if you need help getting this release. Thanks, Felipe ... View more

Are you willing to share your custom sign-on pages for RSA soft tokens? I have the same issue, and your help could save me a lot of effort. ... View more

Hi -red-, You are correct, the IVE authentication intermediation page cannot be modified beyond what you have described. Is creating an SSO policy an option for those sections of the SharePoint application that require the additional information? This would allow seamless access and should not interrupt the flow of the GUI users experience. ... View more

Just an FYI.  I opened a support case about the same issue where I was told by JTAC my SE needed to submit an enhancement request. Enhancement Request ER-056515 has been opened.  If you would let your account team aware of this, the more attention it gets, the sooner it might get fixed.  Thanks ... View more