- Pulse Secure Community
- :
- About Markus_Z_
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
since
10-29-2017
10-29-2017
Markus_Z_
Occasional Contributor
6
Posts
0
Kudos
0
Solutions
08-28-2012
07:39:AM
So there's no way of exporting the private key otherwise? I mean, unless one would just generate the key/cert via openssl in the first place and then import into the ive? That's kind of a bummer, when you need the private key for something else than importing it into another ive. Could you please confirm that there's no way of exporting the private key into a plain .pem formatted text file? In case if you're wondering why one would need the private key anyway, I would say for example when you want to do WAN acceleration of SSL traffic to the admin gui, you'd have to import the private key into the wan optimizer.
... View more
03-06-2012
05:56:AM
Hello community, first a little background info: A few weeks ago our company decided to transition our primary sslvpn installation to a new hardware where it should from now on run not as a stand alone unit, but as a virtual system (built-in virtual systems) on a shared hardware. Naturally the first thing we tried when migrating our existing configuration was to do a XML export on our existing SA (authentication servers, realms, roles, profiles and policies only), then created a new vsys on the new SA, did the preliminary setup and then tried to import the xml file. We had our fair share of 'challenges' while doing so. First, there were several xml elements in that file that were refused by the replacement SA, resulting in import errors. 'Network Connect', 'Mail-Proxy' to name a few. Juniper support suggested to remove these elements, which we did, as luckily they were not needed anyway. So when trying to import that file now, we ran into this issue: The import failed with an 'internal error'. Inspecting the device's event log, it seems that the import crashed an internal process ('Critical ERR24632: Program impexpserver recently failed. Program terminated with signal 25, File size limit exceeded.'). I've checked with juniper support, but haven't heard from them yet. The XML-File we tried to import was 16 MB in size, so we tried to split that file up, first importing only the authentication servers and roles, second only the profiles and policies. The import went good and there was no error, but resulted in some profiles not having their roles properly associated, while others have... Both SA's had the same firmware version running (7.1R6). Has anyone tried this before and ran into the same issues? What size was the largest you could import in one go? Additionally while messing with XML in general I've found that if you validate an unmodified XML export file with the supplied schema file you can also download off the SA, there are plenty of errors even starting at the very beginning at the first line (libxml 2.7.3): DOMDocument::schemaValidate() generated errors! Error 1866: Element '{http://xml.juniper.net/ive-sa/7.1R6}configuration', attribute 'iveData': The attribute 'iveData' is not allowed. in ive-export.xml on line 1 Error 1866: Element '{http://xml.juniper.net/ive-sa/7.1R6}configuration', attribute 'saData': The attribute 'saData' is not allowed. in ive-export.xml on line 1 Error 1841: Element '{http://xml.juniper.net/ive-sa/7.1R6}netbios': Character content is not allowed, because the content type is empty. in ive-export.xml on line 15138 Error 1841: Element '{http://xml.juniper.net/ive-sa/7.1R6}netbios': Character content is not allowed, because the content type is empty. in ive-export.xml on line 16725 Error 1841: Element '{http://xml.juniper.net/ive-sa/7.1R6}netbios': Character content is not allowed, because the content type is empty. in ive-export.xml on line 30843 Error 1841: Element '{http://xml.juniper.net/ive-sa/7.1R6}netbios': Character content is not allowed, because the content type is empty. in ive-export.xml on line 33013 Error 1841: Element '{http://xml.juniper.net/ive-sa/7.1R6}netbios': Character content is not allowed, because the content type is empty. in ive-export.xml on line 37442 Error 1841: Element '{http://xml.juniper.net/ive-sa/7.1R6}netbios': Character content is not allowed, because the content type is empty. in ive-export.xml on line 40170 ... Error 1871: Element '{http://xml.juniper.net/ive-sa/7.1R6}configuration': Missing child element(s). Expected is one of ( {http://xml.juniper.net/ive-sa/7.1R6}system, {http://xml.juniper.net/ive-sa/7.1R6}administrators, {http://xml.juniper.net/ive-sa/7.1R6}logical-systems ). in ive-export.xml on line 1 I wonder if anyone else dug deep into XML configuration importing/exporting and would like to share their experience with me, as our deadline draws near and I wasn't able to get it running as of yet. br Markus
... View more
12-13-2011
04:06:AM
If it's possible right away, then I don't know what I'm doing wrong. I've setup a active/passive cluster, then I've added a virtual system and created a new VLAN that I've assigned to that virtual system. After that I've imported a certificate to the root instance which I now want to assign to the vlan for the virtual system. The problem is: The VLAN is not available for selection in "Configuration > Certificates > 'my certificate'".
... View more
12-12-2011
07:10:AM
Is it possible somehow? I've found that I can only assign certificates to virtual ports on either the external port or internal port, but not on a VLAN VIP.
... View more
10-19-2010
05:17:AM
Is that possible somehow?
... View more
09-02-2008
03:36:AM
joepope: is this solution working with Internet Explorer and Firefox? I'm asking, because I've tried it this way and it works in IE like a charm. In Firefox I get cought in a redirection loop, though... Unfortunately switching to basic auth on the exchange server is not an option. Any Idea how i can get this resolved? (6.1R4 (build 13437) Message Edited by Markus_Z on 09-02-2008 03:37 AM
... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy.
Pulse Secure has updated its Privacy Policy effective June 28, 2017.
