Pulse Secure (formerly Identity and Policy Control)
Showing results for 
Search instead for 
Do you mean 
Reply
Contributor
Posts: 780
Registered: ‎06-30-2009
0
Accepted Solution

Questions on JUNOS Pulse Client replacing OAC

Hi All

 

We are currently using the OAC with IC4500 integrated with Juniper SRX650 in L3 enforcement. Now are testing JUNOS PULSE client replacing OAC. Its working fine but we are facing below issues:

 

1- We want to make the pre-configured installer for JUNOS PUlse. HOw to make it?

2- Every new JUNS Pulse clinet connect to IC. It shows the untrust certificate screen. 
How to avoid it?

3- Users can exit the JUNOS PUlse from the system try. How to restrict it?

 

Looking forward for the response.

 

Thanks

Contributor
Posts: 780
Registered: ‎06-30-2009
0

Re: Questions on JUNOS Pulse Client replacing OAC

Hi

 

Is there any one?

Trusted Expert
Posts: 384
Registered: ‎08-09-2011
0

Re: Questions on JUNOS Pulse Client replacing OAC

Hi , 

 

 Below is the procedure that needs to be followed for deploying custom msi files:
To create a preconfigured Junos Pulse installer for distribution to endpoints:
   1. Select Users > Junos Pulse > Connections and create a connection set with the connections that you want to distribute.   

2. Select Users > Junos Pulse > Components. 

 3. If necessary, create a new component set with the connection sets you want to distribute. Select All components or Minimal components. 

 4. Select the check boxes next to the component sets that you want to distribute.

   5. Click Download Installer Configuration. You are prompted to save the preconfiguration. Make note of the file name and location where you put the file.   

6. Select Maintenance > System > Installers.
      If necessary for your environment, download and install the Juniper Installer Service. To install Pulse, users must have appropriate privileges. The Juniper Installer Service allows you to bypass privilege restrictions and allow users with limited privileges to install Pulse. See the Client-side Changes Guide on the Juniper Customer Support Center for more information.

   7. Download the appropriate Junos Pulse installer for your Windows environment:

          * Junos Pulse Installer (32-bit)          * Junos Pulse Installer (64-bit)
To install Pulse using the preconfiguration file, run the Pulse installer program using an msiexec command and specify the CONFIGFILE property to specify the preconfiguration file. Command line properties (CONFIGFILE and ADDLOCAL) are case sensitive and must be all caps. The CONFIGFILE property must specify the full path to the configuration file.

For example:
msiexec -i JunosPulse.msi CONFIGFILE=c:\temp\myconfiguration.jnprpreconfigInstalling the Junos Pulse Client Using Advanced Command Line Options

 

Please use the pulse admin guide for the same , page# 95 

http://www.juniper.net/techpubs/software/pulse/guides/j-pulse-2.0R1-adminguide.pdf

 

Regards,

Kannan

 

Trusted Expert
Posts: 384
Registered: ‎08-09-2011
0

Re: Questions on JUNOS Pulse Client replacing OAC

2- Every new JUNS Pulse clinet connect to IC. It shows the untrust certificate screen. How to avoid it?
1. We can avoid this by having the root CA of the IC device CA in the trusted CA lists of the client machine \
2. Also ensure that the certfiicate is mapped and binded to IC internal port.

3-  Users can exit the JUNOS PUlse from the system try. How to restrict it?
You can try  by unchecking the below option in ID admin UI under IC connections.Allow user to override connection policy 
Regards,

Kannan

Contributor
Posts: 780
Registered: ‎06-30-2009
0

Re: Questions on JUNOS Pulse Client replacing OAC

Thanks Dear. Much appreciated. There is no such option like OAC to create preconfigured installer msi file to straight away install on the users, no need to run command line??

 

Regarding override connection policy setting. It did not work. Any other suggestion?

 

Thanks

Trusted Expert
Posts: 384
Registered: ‎08-09-2011
0

Re: Questions on JUNOS Pulse Client replacing OAC

Hi ,

 

As per my research we don't have an option for restricting the users for exiting the JUNOS PUlse from the system tray.

 

If you feel this as a critical requirement, I would recommend you to work with Juniper System Engineer on this who can give more information on this.

 

Hope this clarifies your query

 

Regards,

Kannan

Contributor
Posts: 780
Registered: ‎06-30-2009
0

Re: Questions on JUNOS Pulse Client replacing OAC

Ok thanks but what about my previous question regarding pre-configured installer. Is there any method for JUNOS Pulse like OAC to create straight away pre-configured installer means no need for command line?

 

Thanks

Trusted Expert
Posts: 384
Registered: ‎08-09-2011
0

Re: Questions on JUNOS Pulse Client replacing OAC

Hi, 

 

on the question regarding pre-configured installer. Is there any method for JUNOS Pulse like OAC to create straight away pre-configured installer means no need for command line?

 

At present, we dont have an option in Junos pulse to create pre-configured installer without commandline.

 

After you create a client connection set and include the settings within a client componentset, you can create a preconfiguration file with all of the settings needed for the Pulseclient. You specify the preconfiguration file as an option when you run the .msi installerprogram using an msiexec (windows\system32\msiexec.exe) command.

 

Regards,

Kannan

Contributor
Posts: 12
Registered: ‎04-23-2011
0

Re: Questions on JUNOS Pulse Client replacing OAC

Anybody has any idea if Juniper has prepared a detailed differnce list between OAC & Pulse

 

also, is GINA still not supportted in Pulse?

Trusted Expert
Posts: 384
Registered: ‎08-09-2011
0

Re: Questions on JUNOS Pulse Client replacing OAC

Hi,

 

GINA is not supported in pulse for now . Credential provider in win 7 and windows vista will be supported in the next major release of pulse 3.0  however only for L3 access this is supported. For L2 access this is not supported. pulse 3.0 tenative release date is march 2012 2nd-3rd week.

 

I understand that you are looking for a detailed differnce list between OAC & Pulse.

 

You can find information on pulse and OAC from the respective admin guides however if you are looking for specific document kindly raise a case with JTAC support 

 

Regards,

Kannan


Contributor
Posts: 12
Registered: ‎04-23-2011
0

Re: Questions on JUNOS Pulse Client replacing OAC

Thanks, How about the SCCM support?

Trusted Expert
Posts: 384
Registered: ‎08-09-2011
0

Re: Questions on JUNOS Pulse Client replacing OAC

Hi ,

 

SCCM is a patch remediation option in which the end points  that does not comply with teh recommended patch list will be redirected to SCCM server. 

 

SCCM is not a Juniper product, it should be supported by Microsoft. hope this clarifies your query

 

Reagrds,

Kannan

 

NOTE:
Please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks!!

Contributor
Posts: 12
Registered: ‎04-23-2011
0

Re: Questions on JUNOS Pulse Client replacing OAC

Thanks a lot/ that means working with Junos Pulse or OAC has no impact on the SCCM Remediation function

Trusted Expert
Posts: 384
Registered: ‎08-09-2011
0

Re: Questions on JUNOS Pulse Client replacing OAC

Hi ,

 

Yes your undrstanding is right

 


NOTE:
Please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks!!

 

Regards,

Kannan