Pulse Secure formerly SSL VPN
New User
Posts: 2
Registered: ‎11-18-2010
0 Kudos
Accepted Solution

Choosing between the Network Connect and the Junos Pulse clients

We've just bought a Juniper SA4500. We had seen the NC client in use by other companies, and bought the Juniper appliance intending to use NC. But now we seem to have a choice of two different clients and no obvious criteria for choosing between them. Each seems to have some functions that the other does not have, but so far none of those differences is really compelling for us.

Anybody know if Juniper intends to replace NC with Junos Pulse, or if the Pulse client is aimed mostly at handheld devices?

Distinguished Expert
Posts: 2,405
Registered: ‎01-29-2008
0 Kudos

Re: Choosing between the Network Connect and the Junos Pulse clients

Hey Carlo - 1st let me say I am just a little reseller - so I do not profess to speak for Juniper at all. Having said that I feel that Pulse is an absolute replacement for Network Connect.

It represents Juniper's universal client - running against all of Juniper's long term access solutions - UAC, SRX, SSL, WX. It is of course multi-platform with the release of the Apple IOS mobile, Android.... I think it is fair to say that it will make its way to the OS/X platform sometime in 2011.

For a version 1 product it maps fairly well to Network Connect. There are some holes in terms of the current feature set vs NC (the Migration Guide has a good comparison chart). I would be confident that they will be addressed in future releases.

It also has a pretty nice GUI from the user point of view. My customers find it quite cool and as they want to see the same user interface on their mobile device as on their PC I am getting a lot of push to get it up and running.

Short term, other than mobile devices I can't think of a single reason to migrate to it, other than it is bright and shiny. Long term I think it is the future user interface for all remote access - all platforms (alas excepting ScreenOS which is being left behind)...... Just my .02 cents.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Moderator
Posts: 2,347
Registered: ‎11-19-2007
0 Kudos

Re: Choosing between the Network Connect and the Junos Pulse clients

As muttbarker said, they are similar at this time.

Unfortunately, as you see, there is not much difference in the two clients.

Pulse has benefits if you are wanting to have users connect all the time (launch); it can help with having VPN on or not (based on location); and there are others, as you know, that are different between the two.

If this is not important for what you are looking at then Network Connect can be used without an issue.

It really comes down to which is going to be best for your users; there is no "right way" for the two L3 clients.

Visitor
Posts: 9
Registered: ‎01-28-2013
0 Kudos

Re: Choosing between the Network Connect and the Junos Pulse clients

Is it possible on 7.4R6 when the user logs into the webpage/portal that he or she could choose which client they want to "Start" under the "Client Applications Sessions"?

Right now we have the Junos Pulse and then the Start button. We would like to have Network Connect and the start button as well.

Distinguished Expert
Posts: 2,405
Registered: ‎01-29-2008
0 Kudos

Re: Choosing between the Network Connect and the Junos Pulse clients

Not within the context of a single role. Not near an SSL box so I can't test but I was trying to think what would happen if you set up two roles and used the merge feature. My gut says it won't work but it might be worth a try.

Kevin Barker
Distinguished Expert
Posts: 2,405
Registered: ‎01-29-2008

Re: Choosing between the Network Connect and the Junos Pulse clients

Nope you can't - at least within a single role. You might try setting up two roles, one with NC and one with Pulse. Do merge roles and see what happens. I think it won't work but it is worth a shot. 

Kevin Barker
Visitor
Posts: 9
Registered: ‎01-28-2013
0 Kudos

Re: Choosing between the Network Connect and the Junos Pulse clients

Thanks for your feedback Kevin.

I tried setting up the two roles and merging them. It would default to Junos Pulse every time and wouldn't display the Network Connect application "Start Button". The only solution I have until we get rid of the NC client is to set up the two separate roles and have the user pick upon login. You would think that the merging option would allow the display of both clients.

Thanks for confirming.

Trusted Contributor
Posts: 108
Registered: ‎07-27-2010
0 Kudos

Re: Choosing between the Network Connect and the Junos Pulse clients

I dealt with this by assigning both roles to the realm. Then I used role restrictions to decide what role a type of client gets. In my case I based it on browser string with a *Win* and *Mac* for Junos Pulse and then let everyone else get NetworkConnect.

Moderator
Posts: 2,347
Registered: ‎11-19-2007

Re: Choosing between the Network Connect and the Junos Pulse clients

Yes, you have found the only way to do this: two roles and then either automatically assigning out the client on the role the way you did or by requiring users to choose the role. The clients cannot coexist on a user assignment and Pulse will get priority as it is the UI option enabled.
Contributor
Posts: 55
Registered: ‎01-12-2010
0 Kudos

Re: Choosing between the Network Connect and the Junos Pulse clients

This is helpful, since it's exactly the problem we face as well -- since Juniper seems in no hurry to make a Linux version of Pulse available (yes, we've talked to the account team and others), and now Mavericks only supports Pulse, we've had to split our client base. Unfortunately, depending on our users' profile they may end in one of several roles (determining which virtual interface they're on, not really mergeable attributes), so it looks like we'll need to duplicate all of our roles now :-(

Moderator
Posts: 2,347
Registered: ‎11-19-2007
0 Kudos

Re: Choosing between the Network Connect and the Junos Pulse clients

What are your concerns about needing to duplicate roles? Is the duplication due to the need to have separate roles for Pulse or Network Connect?

You should not need to duplicate anything other than the VPN tunneling role and remove the VPN tunneling option from all other roles. This will allow the merge to happen and not require much duplication.

The bookmarks and other items can be assigned via resource profiles and users can be assigned those roles without an issue.

Contributor
Posts: 55
Registered: ‎01-12-2010
0 Kudos

Re: Choosing between the Network Connect and the Junos Pulse clients

For example, we have

1) sysadmin users who are assigned interface X. There are Windows, Mac, Linux and mobile users in this group.

2) users who get specially assigned addresses from interface Y. There are Windows, Mac, Linux and mobile users in this group.

3) general users, who get addresses from interface Z. They are again on any imaginable platform.

4) Windows users who need the start-during-logon functionality.

All of the roles primarily use the VPN client to establish tunnels, not so much bookmarks or other functionality.

Obviously we don't need to accommodate NC users on category 4, but for every other category, my understanding is that I need to put an extra rule in the role matching logic that branches to role1-NC and role1-Pulse, role2-NC and role2-Pulse, role3-NC and role3-pulse depending on the platform the client is using, so we go from 4 roles to 7. This really becomes a bit annoying once we need to make changes, as they need to be replicated across all those roles, or when we need to add additional roles with separate VPN client interfaces.

Moderator
Posts: 2,347
Registered: ‎11-19-2007
0 Kudos

Re: Choosing between the Network Connect and the Junos Pulse clients

Oh. Sorry I misunderstood the concern on what you were looking at in your deployment.
Unfortunately, then, yes, you need to have duplication for Pulse (Mac & Windows) and Network Connect (Linux) users.
Visitor
Posts: 9
Registered: ‎01-28-2013
0 Kudos

Re: Choosing between the Network Connect and the Junos Pulse clients

Thanks mattspierce and zanyterp,

I will continue to have the user select the role upon login until I phase out NC or can get to a point where users know they can launch NC without going to the webpage every time and clicking the start button. mattspierce, I would use the restrictions as a way, but the mix of users using Junos Pulse and NC is broad and covers all browsers for both clients.