- Pulse Secure Community
- :
- About BGR_
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
since
10-29-2017
10-29-2017
BGR_
Occasional Contributor
7
Posts
0
Kudos
0
Solutions
04-22-2015
03:48:PM
Seems like only the messages can be customized. Note quite what I'm looking for, but thanks for the pointer.
... View more
03-06-2015
04:25:PM
Answering my own question I see this is possible by downloading the sample.zip that includes login, logout and defender pages. I modified these successfully and used them for the sign-in and got exactly what I needed for web login. I wouldlike to do this for the Pulse challenge page as well. Does anyone know how that's created and whether it can be customized?
... View more
03-05-2015
05:32:PM
I'm using a radius server for OTP 2nd factor auth on a MAG. The radius server presents a challenge with multiple options for the 2nd factor, but I've added an Access Challenge rule that provides a static response to select OTP use. The server then presents another challenge to enter the OTP code, so I have a second rule that looks for that challenge and shows the "Generic Login" page to collect the OTP. This works great, but the yellow Challenge/Response box actually spells out the radius challenge to the user and between that and the wording "Enter the challenge string above into your token..." I am afraid this will be confusing for users. I was hoping for a cleaner interface, one like it has for SecurID, but I see no way to cutomize the page and the other options (like next token) aren't any better. Is there any way to customize the radius challenge page?
... View more
12-12-2014
05:51:PM
I'm trying to use passthrough proxy on a MAG-2600 SA to have an external app hit a deep link to a backend web server behind the firewall. The passthrough proxy policy and web acl are set up correctly. We have a external DNS entry set up for the virtual host with a domain that matches the SA hostname and it we hit the URL from the outside it does in fact land at the default sign-on page. We want to use a different auth server from the default for this and I thought I could make it work by defining a sign-on policy for the virtual host and prioritizing it above the */ default sign-on policy. Even so, we always land at the default sign-on page and user realm. For example, SA hostname is vpn.company.com and the deep link a base of https://kiosk.company.com, where kiosk.company.com is a CNAME for vpn.company.com. I have a sign-on policy like: kiosk.company.com/ that uses a different sign-on page and user realm, followed by */ and the other wildcard host policies. Is there a way to use a different sign-on page and user-realm for passthrough proxies? Thanks!
... View more
06-05-2014
11:03:AM
Funny, I did have a rule of hostCheckerPolicy!='Android-VersionCheck' in my initial test, but I think I did not have the stop rule or maybe it was the lack of expliclity assigning a no access role. I tried again using your suggestions and it works like a charm. Thanks!
... View more
06-05-2014
09:59:AM
The first approach you mentioned seems straigtforward and I'll test that. Someone suggested the role assignement approach you mentioned using a custom expression for the hostCheckerPolicy variable, like hostCheckerPolicy = 'Android-VersionCheck'. This did not work as every Android client, regardelss of the versions checked in the policy match because the host checker policy was triggered. What would be the correct way to do this? Maybe that's even more straightforward than defining dummy process statements.
... View more
06-04-2014
02:43:PM
I have one user authentication realm that supports full Pulse access from all clients, including mobile. I want to add a rule that restricts which Android versions can connect. I tried to do this using a host checker policy for Android OS of speciic versions, enalboing both evluation and enforcement. When doing so it worked for Android, but reports that all other clients, Win, Mac, etc are not compliant and it refuses the connection. I would be happy if there was a way to create a default ignore rule for the other platforms, but I can't figure out a way to do that. Someone suggested the use of a custom expression to check if the Android host checker rule is applied and if so, deny role assignment. I found that it does work if I only evaluate the hostcheck rule as the expression kicks in at role assignment time (cannot enforce it,) but in this case it's simply denying access to all Android devices because it checks if the rule was applied and does not analyze if the client met the conditions in it. It seems only enforcement will do that. Is there a way to limit a hostcheck rule to a single platform?
... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy.
Pulse Secure has updated its Privacy Policy effective June 28, 2017.
