Pulse Secure formerly SSL VPN
Trusted Contributor
Posts: 606
Registered: ‎08-10-2010
0

Can MAG4610 use as SSL VPN and UAC at the same ?

Hi all,

I have bought a new MAG4610. So my question is: can I use this device for both features, as per the title above, at the same time? Thanks, and I appreciate anyone's feedback.

Moderator Moderator
Moderator
Posts: 193
Registered: ‎08-22-2011
0

Re: Can MAG4610 use as SSL VPN and UAC at the same ?

We can either use it as a UAC or SSL VPN (change personality). It can be used as an SSL VPN and UAC at the same time.

Please mark this post as 'accepted solution' if this answers your question; that way it might help others as well. A kudo would be a bonus, thanks.

Trusted Contributor
Posts: 195
Registered: ‎07-06-2009
0

Re: Can MAG4610 use as SSL VPN and UAC at the same ?

I think SVK left the 't off by accident after can, so it can't be used as both.
Power On
http://vology.com
JJJ
Regular Visitor
Posts: 7
Registered: ‎04-28-2009
0

Re: Can MAG4610 use as SSL VPN and UAC at the same ?

Hello kronicklez,

The answer is "No".

You can install IVE OS (Secure Access) or UAC OS (Access Control) on one device.
If you install IVE OS, the device is an SSL VPN.
If you install UAC OS, the device is a UAC.

It's impossible to be an SAG (Secure Access Gateway) and an ACG (Access Control Gateway) at the same time.

Sincerely,

Joseph

Trusted Expert
Posts: 384
Registered: ‎08-09-2011
0

Re: Can MAG4610 use as SSL VPN and UAC at the same ?

Hi,

The last answer posted by Joseph is right.

MAG4610 comes with a fixed MAG SM-160 Application Blade in which both SSL VPN and UAC OS are loaded with factory version settings like 4.1 or 4.2.

When we configure the device, we can configure either SSL VPN or UAC, but both services cannot be run simultaneously.

If you load the SA option, it installs the SSL VPN OS and boots up as an SA.

If you load the UAC option, it installs the UAC OS and boots up as an IC.

If you are looking for one chassis running both UAC and SA, then you need to use the MAG 6610 or 6611 chassis, where you can have multiple application modules in which you can run UAC and SA services separately on each blade.

Hope this clarifies your query.

Regards,

Kannan

Moderator Moderator
Moderator
Posts: 193
Registered: ‎08-22-2011
0

Re: Can MAG4610 use as SSL VPN and UAC at the same ?

It was a typo, as suggested by sonicboom; I missed the t.

It can't be used as an SSL VPN and UAC at the same time.

Distinguished Expert
Posts: 2,402
Registered: ‎01-29-2008
0

Re: Can MAG4610 use as SSL VPN and UAC at the same ?

It is worth noting that you can factory default the box and change its "personality", i.e. run it as an SSL-VPN or run it as a UAC box. Not too good for production, but handy for demo / testing.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Moderator
Posts: 2,347
Registered: ‎11-19-2007
0

Re: Can MAG4610 use as SSL VPN and UAC at the same ?

Each blade on the system can only run one version at a time. If you have 2 blades, one can be an SA and the other an IC. If you only have 1 blade though, yes, it is just one type.

Trusted Contributor
Posts: 606
Registered: ‎08-10-2010
0

Re: Can MAG4610 use as SSL VPN and UAC at the same ?

Hi All,

Many thanks for all the feedback. It would be another help if someone could give the URL (KB) / doc on how to set up the MAG4610 as SSL VPN (step-by-step). I tried to search the KB but did not find any step-by-step guide. Below is my network.

Internal LAN (MAG4610) ----> SSG5 ----> Internet

For your information, I don't have any server. It is just a simple network, and I want to make sure I can remote in from anywhere to my internal LAN. Hope someone can help me. Thanks.

Moderator
Posts: 2,347
Registered: ‎11-19-2007
0

Re: Can MAG4610 use as SSL VPN and UAC at the same ?

Trusted Contributor
Posts: 606
Registered: ‎08-10-2010
0

Re: Can MAG4610 use as SSL VPN and UAC at the same ?

Hi zanytrep,

Thanks for the URL. I already read the doc at the URL given, but I still do not really understand. Is there any video (step-by-step) for SSL VPN setup using the MAG, for example (IC4500), in the KB? One more thing: is it enough to do SSL VPN if I just have an SSG and a MAG? Thanks, I appreciate your feedback.

Distinguished Expert
Posts: 2,402
Registered: ‎01-29-2008
0

Re: Can MAG4610 use as SSL VPN and UAC at the same ?

From a software point of view the SSL and the MAG are pretty much the same. The steps required are going to be the same also. You enable the hardware from the console and then use the Web UI to configure. Any KB that talks about configuration will work for you.

As for your question about doing SSL VPN if you have an SSG and a MAG: can you explain a bit? Your setup is fine. Using the MAG behind an SSG is a piece of cake. You can either run it in one-armed mode, where you enable the internal interface only (in the trust zone) and use a MIP on the SSG to pass traffic in from the outside, along with the policy to allow the traffic from untrust to trust.

Or you can make a slightly more complex (and some would say more secure) setup by connecting both the external and internal interfaces to the SSG. Put the internal in your trust zone and your external in your untrust, or create a DMZ and place it there.

I had this exact setup for years with problems. SA2000 - SSG20 - Internet.


Kevin Barker
Trusted Contributor
Posts: 606
Registered: ‎08-10-2010
0

Re: Can MAG4610 use as SSL VPN and UAC at the same ?

Hi Mutt,

Many thanks for your feedback. I followed this URL, but it does not detail the steps: http://www.juniper.net/techpubs/en_US/sa7.1/topics/concept/secure-access-configuring-overview.html. Regarding your explanation about the SA2000, you mean that refers to the MAG4610, right? Thanks, and I appreciate your feedback.

Trusted Contributor
Posts: 606
Registered: ‎08-10-2010
0

Re: Can MAG4610 use as SSL VPN and UAC at the same ?

Hi Mutt,

Currently I want to be able to access my office from anywhere using SSL VPN (MAG4610). Our office is just small and does not have a server. The purpose is that I want to make my Juniper lab accessible from anywhere (SSL VPN), but I am not experienced in configuring SSL VPN and the MAG4610, so that makes it difficult for me. Hopefully you can show step by step how to configure the MAG. Thanks.

Moderator
Posts: 2,347
Registered: ‎11-19-2007
0

Re: Can MAG4610 use as SSL VPN and UAC at the same ?

There is no video step-by-step detailing login.
I would recommend working w/ JTAC as they are very experienced with helping do initial setup and answering questions
Trusted Contributor
Posts: 606
Registered: ‎08-10-2010
0

Re: Can MAG4610 use as SSL VPN and UAC at the same ?

Hi zanyterp,

Currently my boss has told me not to involve JTAC; if we have a problem, then we can open JTAC. If we open JTAC just to have them show us how to configure SSL VPN, it will reduce our partner points. So that's why I need to search for an alternative. Thanks.

Distinguished Expert
Posts: 2,402
Registered: ‎01-29-2008

Re: Can MAG4610 use as SSL VPN and UAC at the same ?

Well, configuring an SSL box is a multi-step process. Step one is to do all the basic stuff: network addressing, certificates (not required to get going, but cert errors are not nice), that kind of stuff.

I personally always start with Role Definitions. You need roles to assign to both realms and resources, and by defining the roles first you spend a little time thinking about the types of access (web, RDP, ssh...) you will grant. In addition, I always define my default options for the UI and sessions first so I can use the defaults across my roles.

Then I define my Auth servers. Next I define any host check policies I will use. Now I have what I need to create my user realms: my auth server, my HC (if any) and my roles. Role mapping ties my users to my roles within a realm.

Now that I have a realm, I can create a sign-in policy. (Personally I always start with the default sign-in and maybe just change the logo on that page before I go crazy building out multiple pages.)

Once I have a sign-in policy defined (i.e. tying my user realms to the sign-in page) I can test. Even though I have not defined any resources, the login process should work at this stage and I should just get an empty landing page.

Now I go and define the resources that will be tied to the roles, and the box is functional and ready for use.

It may seem like I skip around a lot (if you think about the layout of the menu) but I find this order makes the most sense.

Hope this helps you!

Kevin Barker
Trusted Contributor
Posts: 606
Registered: ‎08-10-2010
0

Re: Can MAG4610 use as SSL VPN and UAC at the same ?

Hi Mutt,

Thanks for giving the steps. How about on the SSG? Is there any specific config that needs to be turned on? Thanks, and I appreciate your feedback.

Trusted Contributor
Posts: 606
Registered: ‎08-10-2010
0

Re: Can MAG4610 use as SSL VPN and UAC at the same ?

Hi Mutt / All,

Another question: is there a need to use 2 ports on the MAG4610 for SSL VPN, or is using just 1 port enough? I would appreciate anyone's feedback. Thanks.

Moderator
Posts: 2,347
Registered: ‎11-19-2007
0

Re: Can MAG4610 use as SSL VPN and UAC at the same ?

One port is just fine; it is up to you whether you want to use both the internal port (required) and external port (optional). All traffic to the internal LAN is sourced from the internal port.