11-18-2010 03:11 PM
We've just bought an Juniper SA4500. We had seen the NC client in use by other companies, and bought the Juniper appliance intending to use NC. But now we seem to have a choice of two different clients and no obvious criteria for choosing between them. Each seems to have some functions that the other does not have, but so far none of those differences is really compelling for us.
Anybody know if Juniper intends to replace NC with Junos Pulse, or if the Pulse client is aimed mostly at handheld devices?
Solved! Go to Solution.
11-18-2010 04:27 PM
Hey Carlo - 1st let me say I am just a little reseller - so I do not profess to speak for Juniper at all. Having said that I feel that Pulse is an absolute replacement for Network Connect.
It represents Juniper's universal client - running against all of Juniper's long term access solutions - UAC, SRX, SSL, WX. It is of course multi-platform with the release of the Apple IOS mobile, Android.... I think it is fair to say that it will make it's way to the OS/X platform sometime in 2011.
For a version 1 product is maps fairly well to Network Connect. There are some holes in tems of the current featue set vs NC (the Migration Guide has a good comparision chart) I would be confident that they will be addressed in future releases.
It also has pretty nice GUI from the user point of view. My customers find it quite cool and as they want to see the same user interface on their mobile device as on their PC I am getting a lot of push to get it up and running.
Short term, other than mobile devices I can't think of a single reason to migrate to it, other than it is bright and shiny. Long term I think it is the future user interface for all remote access - all platforms (alas excepting ScreenOS which is being left behind)...... Just my .02 cents.
11-20-2010 10:34 PM
As muttbarker said, they are similar at this time
Unfortunately, as you see, there is not much difference in the two clients.
Pulse has benefits if you are wanting to have users connect all the time (launch); it can help with having VPN on or not (based on location); and there are others, as you know, that are different between the two.
If this is not important for what you are looking at then Network Connect can be used without an issue.
It really comes down to which is going to be best for your users; there is no "right way" for the two L3 clients
12-05-2013 02:33 PM
is it possible on 7.4R6 when the user logs into the webpage/portal that he or she could choose which client they want to "Start" under the "Client Applications Sessions"?
Right now we have the Junos Pulse and than the Start button. We would like to have Network Connect and the start button as well.
12-05-2013 05:01 PM
Not within the context of a single role. Not near an SSL box so I can't test but I was trying to think what would happen if you setup two roles and used the merge feature. My gut says it won't work but it might be worth a try.
12-05-2013 05:04 PM
Nope you can't - at least within a single role. You might try setting up two roles, one with NC and one with Pulse. Do merge roles and see what happens. I think it won't work but it is worth a shot.
12-06-2013 06:43 AM
Thanks for your feedback Kevin.
I tried setting up the two roles and merging them. It would default to Junos Pulse every time and wouldn't display the network connect application "Start Button". The only solution I have until we get rid of the NC client is to setup the two separate roles and have the user pick upon log in. You would think that the merging option would allow the display of both clients.
Thanks for confirming.
12-06-2013 09:05 AM
I dealt with this by assiging both roles to the realm. Then I used role restirictions to decide what role a type of client gets. In my case I based on browser string with a *Win* and *Mac* for Junos Pulse and then let everyone else get NetworkConnect.
12-06-2013 07:27 PM
12-10-2013 07:09 AM
This is helpful, since it's exactly the problem we face as well -- since Juniper seems in no hurry to make a Linux version of Pulse available (yes, we've talked to the account team and others), and now Mavericks only supports Pulse, we've had to split our client base. Unfortunately, depending on our users profile they may end in one of several roles (determining which virtual interface they're on, not really mergeable attributes), so it looks like we'll need to duplicate all of our roles now :-(
12-10-2013 07:45 AM
What are your concerns about needing to duplicate roles? Is the duplication due to the need to have separate roles for Pulse or Network Connect?
You should not need to duplicate anything other than the VPN tunneling role and remove the VPN tunneling option from all other roles. This will allow the merge to happen and not require much duplication.
The bookmarks and other items can be assigned via resource profiles and users can be assigned those roles without an issue.
12-10-2013 08:17 AM - edited 12-10-2013 08:29 AM
For example, we have
1) sysadmin users who are assigned interface X. There are Windows, Mac, Linux and mobile users in this group.
2) users who get specially assigned addresses from interface Y. There are Windows, Mac, Linux and mobile users in this group.
3) general users, who get addresses from interface Z. They are again on any imaginable platform.
4) Windows users who need the start-during-logon functionality.
All of the roles primarily use the VPN client to establish tunnels, not so much bookmarks or other functionality.
Obviously we don't need to accommodate NC users on category 4, but for every other category, my understanding is that I need to put an extra rule in the role matching logic that branches to role1-NC and role1-Pulse, role2-NC and role2-Pulse, role3-NC and role3-pulse depending on the platform the client is using, so we go from 4 roles to 7. This really becomes a bit annoying once we need to make changes, as they need to be replicated across all those roles, or when we need to add additional roles with separate VPN client interfaces.
12-10-2013 08:40 AM
12-11-2013 08:59 AM
Thanks mattspierce and zanyterp,
I will continue to have the user select the role upon login until I phase out NC or can get to a point where users know they can launch NC without going to the webpage everytime and clicking the start button. mattspierce I would use the restrictions as a way but the mix of users using Junos Pulse and NC is broad and covers all browsers for both clients.