- Pulse Secure Community
- :
- About advent4_
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
since
10-29-2017
10-29-2017
advent4_
Occasional Contributor
5
Posts
0
Kudos
0
Solutions
03-31-2015
01:56:PM
Is this still the case? Is there any way to suppress the option for users to cancel or upgrade the Pulse client? Would like to replicate the behavior of Network Connect upgrades where it just upgraded client when the gateway was on a new version. It'd be nice to complete upgrades through the gateway instead of managing separately.
... View more
02-13-2013
10:17:AM
Thanks for the reply, I have requested for the feature add. I agree checking for processes is not a viable solution. Given the pre-defined checks for Mac OS levels is not immediately available, I continue to search for options. I have some pressure to find a solution quickly to detect the Mac endpoints OS version so a user group can utilize their endpoints. Are there any options/alternatives others have tested or are using?
... View more
02-04-2013
11:27:AM
Since there are not predefined checks available for Mac OS X levels (I hope this comes soon) - is there any method that could enforce Mac OS X 10.7 and above (essentially 10.7 and 10.8)? I am running 7.2R6 on MAG equipment. The custom Host Checker policies for Mac can check if a process is running and the existance of a file (and ports). Is there a viable method to enforce 10.7 and up using these checks? I am not a Mac expert, but I have not been able to find a way. The closest I've gotten to is enforcing 10.4 and up requiring a couple different processes, but this is not good enough for our security requirements. Any help or ideas would be appreciated. I don't necessarily want to do much to end client (ie installing more than necessary), but would certainly be open to ideas. Thanks!
... View more
07-23-2012
02:58:PM
Thanks for the quick reply! There's not necessarily a need to pass through. I was thinking that may be least impactful to the Juniper with user traffic destinated for the CAG. Ultimately I want the users logging in to the Juniper and getting host checked then presented with login to (or autologged into) the CAG to select their XenApp apps or XenDesktop machines. The desire is the user traffic going to/through the Juniper as users should not have direct access to the CAG (where host checking would not be performed). Targeted Traffic Pattern: User Client -----https----> Juniper----https----> CAG -----ICA Proxied Traffic----> Backend XenApp/XenDesktop The desire is to avoid having to establish a Network Connect session. This is how VDI machines are accessed remotely today and we are looking for improved performance. Additionally, we want to avoid Network Connect on personal endpoints (which we are not serving today). Windows, Macs, IOS, Android are all being targeted for access to XenApp/XenDesktop. I know the Juniper can web proxy to the CAG sign-in page. Could the Juniper also web proxy the traffic after a user launches a XenDesktop or XenApp app? Hopefully this helps fill in the gaps of my initial post. Are there possibilities functionally for this type of setup?
... View more
07-20-2012
12:46:PM
I am investigating the use of an IVE (7.1R6) to front another appliance that will do the proxying of ICA traffic (for external Citrix users). I am whispering now... the other appliance is a Citrix Netscaler with access gateway (CAG). It's just trial run to see if it's feasible to complete host checking on the IVE and just pass subsequent traffic through the IVE so we don't have to support another type of host checking environment. I'm not real familiar with Citrix EPA. I've been testing with the Juniper internal interface being on the same network as the CAG. It is possible use the pass through proxy feature with a virtual hostname to accomplish this? I am attempting to test, but not having much luck. How do I know I configured a bookmark correctly to use the pass through proxy method? And if a client authenticates on the IVE and clicks a bookmark for a logon point on the CAG, is the Juniper opening the connection to the CAG or would that be client's source IP? I'd prefer it to be the client's IP going all the way to the CAG. It should be just 443 traffic the whole way, until the CAG proxies the Citrix traffic to the internal servers. Anyways, I haven't made it very far yet so wanted to see if anyone has suggestions or comments on whether this is feasible or not. Is there something I'm not considering? It's unorthodox, but I want to rule it out before moving on.
... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy.
Pulse Secure has updated its Privacy Policy effective June 28, 2017.
