04-15-2010 06:52 AM
Is there a best-practice way to implement a solution whereby the only way a user can access the Juniper SSL VPN is through Network Connect? I want to disable the ability for them to access the Juniper SA via a web browser. My first thoughts are:
1. To implement Custom Pages and modify the LoginPage.thtml so it doesn't have any ability to log in. Therefore, only the LoginPage-stdaln.thtml allows access, as this is the page that is used by Network Connect.
2. Perform a Host Check to verify that Network Connect is running. However, this will require Host Check to be installed, which will slow down the logon process.
Any suggestions or help would be appreciated.
04-15-2010 09:18 AM
Hey Chatan - NC can be started from a command line. It can be started at PC login. You can define a role that only allows NC so that when they log in from a browser, that is the only option available to them.
Not sure if I understand what you are trying to achieve so I hope these suggestions are of some help.
04-21-2010 05:11 AM
You might also look into the GINA option: incorporate NC in the Windows logon.
Best of luck!
04-21-2010 09:15 PM
It's doing the opposite of what you want; however, you should be able to leverage some of that logic. However, as noted before in this thread, it is possible to preserve browser-based login and still allow access only to Network Connect.