- Pulse Secure Community
- :
- About ITdept_
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
since
10-29-2017
10-29-2017
ITdept_
Contributor
34
Posts
0
Kudos
0
Solutions
04-23-2014
07:02:AM
Hi, We're currently running 7.2R9.2 and since we started to implement WSAM via the Windows Pulse client (to allow Outlook Anywhere access), users have been complaining that after sleep mode the Pulse is connecting but Outlook won't connect to the Exchange server. We've configured the WSAM policy to the Exchange server destination. Users have to log out and login again. This behaviour is not consistent. Curious to hear if other people have similar experience? We're planning on upgrading to 8.0 but needs testing first.
... View more
04-23-2014
06:56:AM
As far as I'm aware we're using different sign-in urls on the same IP to different realms for authentication purposes without any problems. PTP policies work fine. https://domain.com/url1 keyfob auth https://domain.com/url2 sms auth JH
... View more
04-22-2014
12:00:AM
You may be able to achieve what you want by changing the realm names to: https://www.company.com/realm1 https://www.company.com/realm2 -JH
... View more
11-16-2013
05:46:AM
Just read a workaround in another forum post to change hostname to IP address in the TS profile. This solved the problem not only for Win7 with patch KB2830477 installed, but also works for Win8.1 -JH
... View more
11-16-2013
05:42:AM
Hi C4BE, Thanks for that comment. Indeed entering an IP address fixes the problem. This workaround also solves the Win8.1 problems.
... View more
11-14-2013
02:23:AM
Hi, Yes we're having the exact same problem. We upgraded to 7.4R6 this morning hoping this problem would have been solved. But unfortunately it doesn't seem like it has. https://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB28018 says that 74.R6 will fix some critical issues. According to the release notes (http://www.juniper.net/techpubs/software/ive/releasenotes/j-sa-sslvpn-7.4r6-releasenotes.pdf) 17 things have been fixed. Also 2 win-term-svcs issues: 53. win-term-svcs-enduser - Premier Java RDP applet fails to launch on Windows 8.1 (with and without pop-up blocking enabled (914012) 54. win-term-svcs-enduser - Terminal service (RDP and CTS) clients may fail to launch on Windows 8.1. (921246) Does anyone know what the details are of these two issues? JH
... View more
10-21-2013
05:12:AM
Hi Ruc, Thanks for sharing that link. I indeed found out today that Active-X deployment of Pulse doesn't work. It falls back to Java OK, but every time Pulse is starting it needs user interaction since Java 7 update 45 has changed some things in the security meganism. https://www.java.com/en/download/help/javascript_applet.xml I'm curious to find out when Juniper is able to fix Active-X deployment again or is able to bypass Java security prompts. (Oracle suggests: Developers: If your application is affected, evaluate usage of the Caller-Allowable_Codebase Manifest). -JH
... View more
10-21-2013
04:47:AM
I've seen this happen as well on a few computers that had different virtual machine software installed (VMware / Virtualbox etc). It turned out that the maximum number of virtual network interfaces was reached. I tried to look in my archives to see if I could find the exact registry key to fix this, but didn't find it unfortunately. I remember that the MSI installed did give some warnings that helped us troubleshoot further and googling for that helped us find the exact registry key. Make sure you download the Pulse MSI to the local computer manually and execute the msi from the command line making sure it does log debug level to a log file: http://www.advancedinstaller.com/user-guide/qa-log.html Hope this helps, -JH
... View more
03-12-2013
01:35:PM
Hi, Does anyone know if HSTS Strict Transport Security is supported on the SA? I understand most major browsers support it now and it seems the best way currently to prevent sslstrip MitM attacks. http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
... View more
10-17-2012
08:45:AM
Hi, Is it possible to let user sessions roam between 2 realms? Currently we have 2 realms with both have a Sharepoint site via Pass-through Proxy enabled (via role-mapping). The problem is that only one of realm URLs can be configured to redirect users to when the're not logged in (using the IVE hostname). So the following is happning: We have 2 realms. realm1.com and realm2.com. Sharepoint site is configured as sharepoint.com. IVE hostname is set to realm2.com 1. User logs on to realm1.com 2. User clicks on link in email (sharepoint.com) 3. User is redirected to realm2.com and prompted for credentials. The only way to by pass this is to educate the users to: 1. User logs on to realm1.com 2. User clicks on bookmark for sharepoint site (this executes realm1.com/launch.cgi?sharepoint.com and activates the user's session) 3. User clicks on link in email (sharepoint.com) 4. User enters sharepoint site without entering credentials. Allowing for sessions to travel between realms would possibly fix this. Any ideas? JH
... View more
10-17-2012
08:36:AM
Hi, I had this exact same problem. I fixed it by setting the "Allowed Clock Skew (minutes)" in the auth server settings to 10 minutes. JH
... View more
10-17-2012
08:33:AM
Interesting indeed that this document can't be found on http://www.juniper.net/support/downloads/?p=mag4610#docs. Same case for the latest Pulse version. The release notes are there and point to the "What's New" but it's nowhere to be found.
... View more
08-23-2012
02:21:AM
Hi, I remember reading that the project had a PAM (Pluggable Authentication Module). Haven't tried this myself, but you may achieve what you want by installing a Linux machine, configure the Google PAM and configure your realm to use secondary authentication. Hopes this points you in the right direction. Curious to hear how you're getting on with this. -Jochum
... View more
08-21-2012
07:56:AM
Due to many limitations with the Web-rewriter we decided to test Sharepoint 2010 using Pass-through proxy as suggested by Juniper. Unfortunately we're still hitting many limitations. Was wondering if others have these issues as well as I can't find anything related to this in the KB or forum. 1. IE needs to be set to compatibility mode, otherwise ribbon won't work (page tab won't work) 2. When trying to edit a page you can't add a new web part simply won't do anything 3. Styling seems to be broken in many areas. I'm afraid that when continuing to test we'll find other things that won't work as expected. Looking forward to hear from others if they found work-arounds for this or if we simply have a broken configurtation causing these issues. Kind regards, -JH
... View more
05-30-2012
06:20:AM
Hi, Does anyone know what location to use to put a batch script to run on the Pulse client? I remember that WSAM was only able to run local scripts, but seems that the Pulse client can run remote scripts after it's been copied to the local machine: http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB21018: "Junos Pulse copies over the script file to the local file system and executes the script either at the time of establishing a user session or when the session is terminated." I assume this is all configured on the IVE under Role -> VPN Tunneling? JH
... View more
05-29-2012
11:22:PM
Hi, Has anyone got Manage Alerts to work from Outlook -> File -> Info -> Manage Rules & Alerts when using via the SA rewriting? When not using rewriting it works fine (as documented by MS) But it say "Cannot connect to the server" when through rewriter. I've not been able to find any information. List of limitations in Sharepoint 2007 and 2010 doesn't mention anything about this. JH
... View more
05-04-2012
06:42:AM
Hi, Has anyone managed to get Exchange Control Panel to redirect for Exchange 2010? I do have exchange/owa working with SSO as well, but exchange/ecp is slightly different. To logon it uses redirects from OWA. Curious if it's best to create a different profile for this or to change the OWA profile? JH
... View more
04-24-2012
12:17:PM
To clarify. Pulse saved password seems to be cleared after logging in again to the web portal (realm). Password saved: 1. Logon to pulse 2. save password 3. disconnect 4. pulse login again without need to enter credentials Password not saved: 1. Logon to pulse 2. save password 3 Logon to portal (realm) 4. (Pulse is disconnecting and auto login again) 5. disconnect pulse 6. login pulse -> asked for credentials. Any idea why this may happen? -JH
... View more
04-24-2012
12:04:PM
I've enabled the option to save the password for the pulse client on the SA. This seems to work some of the times (when doing restart) but when clicking "sign out" on the web portal (realm) then user is prompted again for credentials after a restart. Can any one explain why it would not save credetials after doing a sign out on realm?
... View more
04-18-2012
12:40:PM
Thanks again for your reply. I think now with 7.2R1 the Pulse now has WSAM integrated in the GUI. So it looks like Pulse is the way to go and replacing wsam and NC. Now with WSAM set on a a role and Pulse on another, WSAM client isn't even installed and Pulse is leading. So looks like pulse is not just for layer3 stuff anymore. Pulse has a number of benefits compared to the old WSAM. One of which is that it can be used stand alone without logging on to the web realm. This is great for clients mostly working remotely and auto logon after restart. Unfortunately the only downside seems that bookmarks are not shown in client or that it's login to realm is not seemless when Pulse client starts first. Perhaps we'll need to raise this as a feature request. -JH
... View more
04-16-2012
11:50:PM
Hi SonicBoom, Thanks for your reply. Perhaps I wasn't clear in explaining. Auto logon to the Junos Pulse client works fine. But I also want the users to see their web bookmarks as soon as they logon to the pulse client. What happens now is the following: 1. User logs on to Windows 2. Pulse client starts and auto logs on 3. User has to start web browser and logon manually to realm to see web bookmarks It would be nice if the pulse client has the bookmarks integrated similar to how the Android pulse app works. JH
... View more
04-16-2012
01:22:PM
Hi, Is it possible to auto login to the SA web page (realm) after the Junos Pulse client has logged in on a Windows client? Auto logn does seem to work the other way around (user first logs in to web portal (realm) then auto login to junos client). I'd like to get a similar user experience to Android Junos pulse where user can click bookmarks from Junos Pulse App. JH
... View more
03-29-2012
01:28:AM
We've worked around this issue by putting the domains of the Juniper and the sharepoint internal domain name in the registry as a multi-string-value with name AuthForwardServerList under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters
... View more
01-10-2012
11:44:PM
We're currently running 4.0.9.43209 but testing the latest version. -JH
... View more
01-10-2012
11:10:PM
Does anyone know where to find the developer guide to help a developer write a custom dll for the host checker? Here is the documentation how to implement the package, but can't find details on how to develop it. We're interested to find out if it's possible to do certiifcate pinning using the host checker.
... View more
01-10-2012
02:22:PM
Hi, I was wondering if someone could explain me the security implications of choosing PTP over using the rewriter for a web application. I know that Juniper recommends using the rewriter, but if there are functional limitations to the applications when using the rewriter pass-through-proxy is recommended. I'd like to know what additional security risks may be involved when choosing one over the other (if any). Kind regards, JH
... View more
01-10-2012
12:23:PM
Hi, I know this isn't a RSA forum, but curious if any one has actually managed to get SSO working for the RSA Self Service portal on a Juniper SA, as I assume more people are using 2 factor auth. In an ideal world the Juniper SA would have the option for a user to reset a their token PIN similar to the change (AD/LDAP) password feature on the IVE, but since that's not a feature, next best thing is to use RSA's own tool. I've battled trying to get form based SSO to work, since it's a 2 step auth it's just a bit more complicated and I'm not clever enough apparently. All the best,
... View more
01-10-2012
09:01:AM
Currently our Windows users who use email externally get the Pulse client pushed and this Pulse client is configured to use WSAM to tunnel email trafffic to our Exchange server. We'd like to achieve the same for our Mac users (now we get more and more Mac users). I understand that WSAM doesn't work on Mac and we've tried JSAM (but users understandebly do not like the Java hassle). We also like to offer a consistent experience to the users therefor our preferred thought is to offer the Pulse client to them as well. I understand we then need to configure a VPN tunnel. My question is, what are the best options to serve Outlook email to our Mac users via the Juniper SA SSL VPN. Would there be any benifit in upgrading to version 8.0R2? We're currently on 7.4R6. -JH
... View more
01-10-2012
08:33:AM
Think we solved the first problem with intermittend issues when creating contacts. Before we terminated SSL at the SA (juniper:443 -> crmserver:80). We now installed the SSL cert on IIS on the CRM server and all is consitently working now. Only our 2nd problem with performance is actually worse now. Any ideas on how to improve this?
... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy.
Pulse Secure has updated its Privacy Policy effective June 28, 2017.
