Yeah we found that out the hard way.  A JTAC rep suggested that cross-forst trust is possible using a two-way trust - have you ever tried that?  Just trying to wrap my head around why the appliance would care of the the trust was one vs two way.     ... View more

I ran into this same problem -   You need to enable split tunneling for Pulse under the user role ---> network connect tab.   In addition, you have to create a split tunneling resource policy and define the network range you want going through the tunnel.  By default, JunOS pulse will add a default route into your routing table. ... View more

You are right, we narrowed down our group search filter yesterday to only search the container holding our group memberships and it's no longer reaching out to the child domains.   We've run across another issue though and I'm hoping you might be able to help; the SA sits in one environment, and we have a one-way trust relationship with another DC in a separate forest.  I'm able to authenticate users in the local domain on the appliance but not from the trusted domain.  According to JTAC, authentication with AD using cross-forest trust is not supported.   Is it possible to define a RADIUS server as auth, and still use LDAP as the authorization server to pull group memberships?  I'm a bit cloudy on how the group fetching wil work when using RADIUS, or if you have any other suggestions that would be great. ... View more

Zanyterp,   Thanks for the reply.  I have it defined as an LDAP server instead of AD so the allow trusted domain option wasn't available.  I'll reach out to our server guy regarding the referral.   ... View more