i am not sure if any one is going to chime in here due to all the NDAs everyone has signed but i am pretty sure this is something on everyones list because i am not sure about you guys but i have over 5-6k users that do a full tunnel network connect and everytime i do a code update we have to update their clients so a static client that will work independent of code running on the SA will be very nice.

bump.. Anyone.. Bueller ..

The only thing I have heard is that they are working on some new client. They need to remove the requirement that the server and client have the same version. We have areas in the company that go into a freeze and cannot do any software updates. We need to have a way to control the distribution of the client independent of the server version. I guess we will have to submit an enhancement request.

@drf:

 

If you can go to other sites and the host checker works it could be a conection missing from User Realm --> Authentication Policy -- Host Checker.

We are not using host checker. Basically we want to be able to upgrade the server OS and have absolutely no affect to the client components i.e. no NC auto upgrade. We want to push the NC version out using our own deployment tools. Our Desktop organization has strict rules on this.

Hi drf

 

As you already know, there is no option to turn off the auto upgrade of NC. The reason is that we can not provide backwards compatibility for older NC clients working with newer SA-OS versions because of changes in the code and features supported.

 

Regards

T.

yet Cisco and every other SSLVPN Provider have seemed to make this work very nicely. tkolb, is that Juniper can't do it or that Juniper does not want to invest the time in it. This is a major flaw in the design of the Network Connect.

 

As someone stated earlier in the thread, to upgade the switch code, Network Connect Client Code and Host checker for 3000 users all on the same day is simply too much change. Fine for small operations but our Help-Desk cant handle that kind of call volume when things go wrong. (And things do go wrong during the upgrade.)

Backwards compatiblity and forwards compatiblity are two different issues.  Backwards should not be an issue for at least one or two versions.

 

This also becomes a major issue when conencting to multiple networks, or using a test network for new firmware.  Each connection requires the software to be re-installed over and over.  It is quite a hassle.