look at what your compliance checker is looking for. seems like the version or a file that has been upgraded is causing it fail ... View more

Agree with every word of your rant. It seems it is more about pleasing a few rich large customers, maybe 5% of the base while giving a finger to to the other 95%. And while I am still angry, disappointed and frustrated that Juniper appears to be floundering, the MAG is still a great product which could be made into a MAGnificient prodcut with a few improvements. Like built in Load balancer- should be very easy to implement just think VRRP and virtual routers- done! DNS server, BIND is already available, and a few other features (Netscaler built of FreeBSD offers some). Juniper just has been operating like Secretariat with a bug on board, who with a 15 length advantage and nothing to do other balance an armchair ride home, manages to flounder, fall of the champion a few yards from the finish line. They seem to be just clawing and snatching defeat from the jaws of victory. I would not be surprosed if juniper is bought off in the next 3-5 years. Hopefully if that happens, it will be a company who will revive the ScreenOS development to appease and support the thousands of customers who prefer to use that product that works for them in their environment. I agree with your Apple analogy:) ... View more

I reallyhope it works out well. it appeared to have been one the nore stable products with lots of promise. "The Pulse client has stagnated a bit of late..". Really? The product was junipers' product. For it to stagnate must have been a conscious calculated decision, which I hope works out for the customers and the new owners and the support continues. I really, really was getting to like the prodcut the more I learned teh product. That said, I still find it hard to figure out why Juniper finds it so difficult to support most of teh Linux versions when a google search shows plenty of people who which up something quickly and voila, connection done. But, I know that my thoughts are mainly due to very little marketing, R&D and maybe just business in general. Hoping for teh best and success. ... View more

An example of the interface ad configuring cluster ... View more

No man, that is good news, however i have no idea. Maybe the compression that is supported for that particular frame. SSL supports gzip compression while ESP supports LZO compression. But that is beyond me. If you feel like trying one more thing, you could check to see if it makes a difference whether using 32bit or 64bit browser. If you have access to the Web developers for that site, you could ask them if they have coded it to require anything specific from the client side in order to load. Maybe a selective rewrite for that site, maybe something to do with UDP vs TCP transport; I don't know but it would be surely interesting to know exactly why. ... View more

Test different broswers/versions. Use the DS Record /ds trace to help troubleshoot that problem. ... View more

Elliott Management. Maybe I am paranoid and not thoo optimistic. Where is the founder of Juniper? I look at this compay like BAIN Capital. Some fail sme succeed. Elliott Management have been involved with cmpanies like MCI, ENRON, Novell just to list a few. Well we haope for the best. There is something fundamentally flawed with Juniper management and marketing department. At this point the separation of the different technologies that have embodied Juniper seems to be a devastating turn of events. Security Routing and Switching have all become a unified part of the tiered approach to security. It is akin to purchasing an apartment complex and installing a Security System, AC and Solid Waste dispsal Systems. Then after you get all your tennants, you rip out the AC and the Security and say to your tennants, you are on your own. Find your own AC and your own Security. Simply because the management was incapable of running all three needed features to benefit the tennants.Heck maybe they could have sealed the doors and windows, installed LED lights and Solar panels to reduce utility cost but they failed and hence figure that the cost of utility was too high becasue the windows were broken, doors half way shut, the flood lights were too hot. Heck maybe dual lights. Use the hot lights in winter and LED in summer. But we continue to prepare for the worst and hope for the best. ... View more

Use the ds trace to help troubleshoot that problem. You also want the users who are logged in via VPN to also use the vpn connection for internet browsing? ... View more

The guide is comprehensive and will work well. You should be logged in to the MAG so you can actually be making the configurations as you learn them. There are online courses available. google "after dark JPSA courses" I understand the cost constraints. ... View more

It is tempting to create the roles and then the policies, but if you create the rles, then use resource policies it is more likely to lead to missing smething. Use resource profiles and all the configurations pages are linked s you don't have to go find them individualy. With one or two exceptions. Basically, you need all your users(names/groups- works with AD groups) the resources you are allowing them to access and how you allow that access. Do I eed to give them full network access or just enough to get the job done? Roles    - Sales, Employees, Guests, Accounting, etc Authentication Server    Define different Authetication servers - AD, Local (on the MAG system), RADIUS, 2FA,(Numerous options) Authentication Realm    - Users realm Role Mapping Rules and Restrictions    -Map users by name, group (lots of otions) Sign-In Policy    - Determine Users authentication realm, sign-in page etc Resource Policies - This is your ACL to specific resources. For example, you allow web access this allow/deny/detailed rules. Good resources http://www.juniper.net/techpubs/en_US/uac4.4/topics/concept/security-access-device-access-management-framework-understanding.html http://www.juniper.net/techpubs/en_US/sa8.0/information-products/pathway-pages/sa-series/sa-service-access-mgmt-framework.pdf You can download and test the DTE. Has practicaly all the features of the MAG (with a few minor restrictions) If you are touching the MAG for the first time, I suggest taking the JPSA course first. The thing ca be overwhelming. ... View more

j-sa-sslvpn-7.1-adminguide Junos-Pulse-Secure-Access j-sa-sslvpn-7.1-customsigninpages   Version 8 is out but I have not seen the admin guide yet. Be sure to use resource profiles. here it is, just found it http://www.juniper.net/techpubs/en_US/sa8.0/information-products/topic-collections/junos-pulse-secure-access-service-8-0-adminguide.pdf You will do best to follow a checklist. decide teh type of remote users you have and exactly what resources they need to efectively get their job done. There are a few basic types of resource access Core- web-based resources Application SSL-VPN Start off with core. If you have remote users with slow internet access, consider getting the Application acceleration module. It integrates well with Windows AD. If you plan on using RADIUS, try the  Microsoft Network Policy Server (NPS) . Be sure to tell how it works. ... View more

It may not be good karma or good business practice to now put it in the SRX after selling that piece. That said, what about the classes. Who will now be sellig and pridg training for the product? ... View more

Do't know why Juniper thought centering the comments was a great job but the again... This may be what you are looking for. Or do you want the Secure Access Service to cash the password?   http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB25846&actp=search&viewlocale=en_US&searchid=1342525654722 ... View more

You may want to subscribe for updates. I was just creating a post to write up about it yesterday, and was about to make the same complaint, when I got the email update. I was up till late in the morning and saw it. As Jewells indicated, it is posted. I guess making a headline about it would just be asking for all hackers and malevolents out there to direct their attention to Juniper devices. A new product security advisory has been released. This message contains the link to the new Juniper Security Advisory (JSA) that has been released.   JSA10623 2014-04 Out of Cycle Security Bulletin: Multiple products affected by OpenSSL "Heartbleed" issue (CVE-2014-0160) NOTE: A Security Advisory is a formal notice regarding critical and/or potentially service-affecting hardware and software security issues. The Security Advisory process allows the proactive communication of pertinent information to both customers and partners. Please report any potential or real instances of security vulnerabilities with any Juniper Networks product to the Juniper Networks Security Incident Response Team (Juniper SIRT) at [email protected] ... View more

I don't knw if it is possible that the two clients are conflicting? Is there a way to completely remove the Win 8 VPN client and see if that resolves the issue? ... View more

What account are you trying to use to access the management port? Last I checked, a user account could not login to the Management port. It only allowed access to admin account. I guess I could do some additional testing to very. You can create a read only account and allow the customer to login through the regualar internal or external port (whichever you are using) with the admin url. But they would only be able to see but not make any changes. ... View more

Seems like you are not the only ones with teh problem and the solutions appears to be the same. Rebuild the TCP stack and reinstall the WAN miniport drivers. Check out the following links.Juniper may have something on that so I would still say open a ticket with them, while you provide a workaround solution. http://www.chicagotech.net/VPN/error720b.htm http://social.technet.microsoft.com/Forums/windows/en-US/783d8384-8880-494b-b011-7cc85ec6919d/windows-8-vpn-not-working-error-720 http://techslate.net/windows-8-error-720-problem-with-connection/#.Ugsp5xyG0vo ... View more

I see the topic has been a long while now, but I was wondering if the MAG-CM060 would not fulfil what you are asking about? Unless there are some features that I am not understanding from the question. But you can use it manage multiple MAG devices, push configuration out to them, upgrade them all from one console login. ... View more

Can you try reinstalling it again, before uninstalling? Sometimes that helps. ... View more

I have to apologize, for my error. I conflated two seperate things. I was thinking of Central Manager which allows management of the Cluster. But then since the JPSA can push configuration to multiple units, my thought was if you have a single longin to the CMC, then you can push the configuration out to multiple uints. Here is the confusion which is now clear, thank you : "Junos Pulse Secure Access Service appliances enable you to copy all configuration settings or selected configuration settings from one Junos Pulse Secure Access Service to another using the Push Configurationfeature. This feature provides simple configuration management across an enterprise without requiring you to cluster Junos Pulse Secure Access Service appliances. With the Push Configurationfeature, you can decide exactly which settings you do and do not want to copy across the enterprise. The interface for selecting the settings is similar to the XML Import/ Exportfeature. You can push to a single Junos Pulse Secure Access Service or to multiple Junos Pulse Secure Access Service devices. For example,if you install several new Junos Pulse Secure Access Service devices, you can push to set their initial configuration. You can also push to a Junos Pulse Secure Access Service device that is a memberof a cluster, as long as the target Junos Pulse Secure Access Service is not a member of the same cluster as the source. Target Junos Pulse Secure Access Service devices have the option of not accepting pushed configuration settings" However, when the multiple nodes are clustered, Central Manager provides significant benefits. The first benefit is that of minimal downtime upgrades, which ensures that at least one member of the cluster is running at all times during a software upgrade. This benefit is independent of the type or size of the cluster. The second benefit of Central Manager when used with clusters is that of package synchronization. If a Junos Pulse Secure Access Service with oldercode tries to join a cluster, it upgrades automatically. If a Junos Pulse SecureAccess Service with newer code tries to join a cluster, it is rejected. In addition, all cluster members store a local copy of the software. A third Central Manager benefit is the ability to see to which node of the cluster a user is signed in. We show this node information on the next page. Information on the Active Userspage is updated every 60 seconds." But is clear what the purpose of the CM060 is now. Thanks for the correction. [KUDOS PLEASE! If you think I earned it! If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..] ... View more

I know this is extreme, but could you recreate one the user proflie? It sounds like a user profile corruption. The trace logs should reveal a lot more of what is happening.  [KUDOS PLEASE! If you think I earned it! If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..] ... View more

Not so sure I understand how and why this wuld work. So you are saying User A can copy the machine cert from Computer B and install it and use it on Computer A? Does make any security sense. The computer cert is generated on that computer and can only be used by that computer. IVE would reject it coming from another computer when it compares the the it with its cert from that computer. Now I can imagine that I am not understanding at all what is going on here, so that being the case, tomorrow I will look for the corrections to my mis or understanding Any successfully try this and succeeded? [KUDOS PLEASE! If you think I earned it! If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..] ... View more