Pulse Secure formerly SSL VPN
Showing results for 
Search instead for 
Do you mean 
Reply
Contributor
Posts: 18
Registered: ‎02-19-2008
0

Network connect and Proxy

Hi,

 

I have this situation.

In our network all clients use a manual proxy configuration on the browser to connect to Internet.

Some clients also use the laptops to connect from their home to the IVE through an UMTS card.

We have no proxy settings on this connection but we would like to have the proxy setting directly from the IVE so we have configured to use the proxy on these users from the IVE.

It is correct or not because at the moment it doesn't work?

 

Many thanks

Marco

Recognized Expert
Posts: 420
Registered: ‎03-24-2008
0

Re: Network connect and Proxy

Marco -

 

I have a lot of experience with Network Connect and how it handles proxying.  Can you tell me what you have coded in the NC profile for the proxy to be used?  How are you deciding that the current configuration is not working?

 

Ken

Contributor
Posts: 18
Registered: ‎02-19-2008
0

Re: Network connect and Proxy

Hi,

 

I have configured on the User Network Connect Profiles the Manual configuration of the proxy server (IP address and port). If I correctly understood the instantproxy.pac should be a merge with of the browser proxy settings and what configured in the IVE: it is right?

In my case I have to find only the proxy server settings because for the UMTS card connection I have no proxy settings. But unfortunately I found a merge with the proxy settings for the lan connection configured in the browser.

I hope you will understand.

Many thanks for your collaboration

Marco

Recognized Expert
Posts: 420
Registered: ‎03-24-2008
0

Re: Network connect and Proxy

Can you attach your instantproxy.pac from both the UMTS-launched session and from the LAN-launched session to this thread?
Contributor
Posts: 18
Registered: ‎02-19-2008
0

Re: Network connect and Proxy

Hi Ken,

 

Sorry but at the moment I have only the UMTS connection proxypac.

Can you verify that it is correct?

Bye

Marco

Recognized Expert
Posts: 420
Registered: ‎03-24-2008
0

Re: Network connect and Proxy

What were the user's proxy settings on the UMTS interface before the connection?  What are the proxy settings in the NC profile applied to the role?
Contributor
Posts: 18
Registered: ‎02-19-2008
0

Re: Network connect and Proxy

Hi Ken,

 

In the UMTS connection there is no proxy setting in the browser because the client use UMTS not only for connecting to the IVE.

The proxy settings in the IVE for those specific roles is manual proxy setting (IP address and port).

But I remember to you that in the browser settings there is a manual proxy configuration with some exclusions.

Do you know where the function FindClientProxy(url, host) is called??

Bye

Marco

Recognized Expert
Posts: 420
Registered: ‎03-24-2008
0

Re: Network connect and Proxy

I've looked at a number of instantproxy.pac files, and have never seen a call to FindClientProxy(url, host).

 

What is specified for the proxy in the NC connection policy which is applied to the UMTS users?

Contributor
Posts: 18
Registered: ‎02-19-2008
0

Re: Network connect and Proxy

Hi Ken,

You are right. I checked in Internet but I never find a proxypac with this function but it is created when the client connects to IVE  looking at the browser settings for LAN on the laptop where I have configured a manul proxy and some exclusions in order to access local servers without proxy.

In fact, if I configure the IVE to pass to client the proxy by manual configuration I find the proxy Ip address and port on the function: FindServerProxy

It is crazy.

Marco

Recognized Expert
Posts: 420
Registered: ‎03-24-2008
0

Re: Network connect and Proxy

Raul -

 

I think you are seeing normal behavior.  The instantproxy.pac file needs to make sure that the client browser can still reach the SA device through it's original proxy settings, and to make sure that any traffic which goes through the tunnel into the secured network can reach a proxy in case it requires one.  So, the FindProxyforURL function in the instantproxy.pac file effectively says "traffic destined for the SA needs to use the client browser proxy settings; all other traffic uses the proxy settings in the NC profile."

 

My guess is that the FindClientProxy function was originally used to establish the proxy for access to the SA; I'm guessing that Juniper had problems with that, but never took it out of the instantproxy.pac file.

 

Ken

 

 

Contributor
Posts: 18
Registered: ‎02-19-2008
0

Re: Network connect and Proxy

Hi,

 

You are right. But looking at the instantproxypac I don't understand when the  FindClientProxy function was called?

I know, looking at Juniper documentation that the instantproxypac should be a merge file for browser settings and IVE settings. So I suppose that the what I see in the FindClientProxy function was read from the browser and what is present in  FindClientProxy function was read from IVE.

J-TAC engineer told me to put the proxypac in a server and pass it directly from the IVE but It is not possible at the moment. In your experience have you seen the  FindClientProxy function? 

Thanks a lot for all

Marco

Highlighted
Recognized Expert
Posts: 420
Registered: ‎03-24-2008
0

Re: Network connect and Proxy

I've never seen an instantproxy.pac where there was a call to FindClientProxy.
Contributor
Posts: 45
Registered: ‎09-28-2009
0

Re: Network connect and Proxy

i Have a problem with a proxy,  i can  access my network through the IVE without a proxy configured on my browser, but when i configure it manually i can´t acces. it´s possible that the proxy don´t passthrough the DHCP of the IVE?

 

regards

Moderator
Posts: 198
Registered: ‎07-11-2008
0

Re: Network connect and Proxy

[ Edited ]

Marco,

You could also set a user's proxy setting via a NC start script (.VBS script that modifies the reg.) Not sure if that would help in your case however. The proxy settings could be removed by a logoff script.

 

jmartinez,

Can you paste a 'ipconfig' for before and after you connect with NC? I can't think of a reason why a proxy server would break DHCP.

Contributor
Posts: 45
Registered: ‎09-28-2009
0

Re: Network connect and Proxy

 

 

Moderator
Posts: 198
Registered: ‎07-11-2008
0

Re: Network connect and Proxy

[ Edited ]

I haven't seen an issue like you describe with NC before. I would test with another proxy if possible (squid would be a good test).

 

Next you can enable client side logging on the IVE for Network Connect, start a policy trace for the user, and do a wireshark on the PC for both the Juniper virtual adapter as well as the physical adapter, start a http watch as well in IE to record the login and web session, start a TCPDump on the IVE then try again. Take a look at the debuglog.log and see if you can find any errors. If nothing stands out then you can take these logs and open a JTAC case.

 

Also please note that NC will only work with HTTP proxys (such as squid), not socks or any other type. Also make sure you are using IE or Firefox for your browser.

Contributor
Posts: 45
Registered: ‎09-28-2009
0

Re: Network connect and Proxy

Hi to all,

 

The problem was, that my proxy denies the traffic for the new ip's assigned from the ive. When i connect to the ive, i assign an IP to the virtual security interface of the client.

 

Regards.