03-12-2012 10:30 AM
7.1R2 (build 18193)
Using Junos Pulse client
I have a question about proxy server configuration under the network connect profiles section.
Network Connect Connection Profiles > Proxy Server Settings
If I add an IP address of one of our proxy servers in the "manual configuration" should this force all internet traffic through this proxy for users connected via network connect? I have done this but it does not seem to function this way. I have tested with IE and FF. Any advice?
03-12-2012 08:19 PM
After NC connected, in IE > Options > connection setting we should see instantproxy.pac file. Do you see this file?
Also, VPN tunnel configured in split tunnel enabled or disabled?
I did a quick check in lab,
Network Connect Connection Profiles > Proxy Server Settings, I set manual proxy
Role > Network connect > VPN tunneling option I set to Split tunnel disable
After I establish VPN tunnel, I could see that all my IE internet traffic flow via mentioned proxy setting.
03-12-2012 08:44 PM
I do not see that in IE settings. I wonder if this is an issue with the version of pulse or the IVE I am running? I have a test box I can load an updated IVE on but any other recomendations would be appreciated.
03-13-2012 06:50 AM
Just a couple quick notes -
I just tested in in my lab environment which is setup almost identical to my production and I have the same issue. I will be updating the IVE and Pulse client to see if that resolves it.
As far as split tunnel - The connection profile I use for network connect/pulse is used for full and split tunnel connections. I have different roles in place to access different network resources. Basically if a user is not on a corporate network it is full tunnel and if they are on a corporate network it is split tunnel to specific network segments. I will update as I learn more.
03-13-2012 07:30 AM
I configured my test environment similar to yours:
7.1R4.1 (build 19525)
I set the manual proxy in the network connect connection profile, and utilized 1 role that has split tunnel disabled. Unfortunately I have the same results, it does not modify the internet explorer proxy settings. What version of IE are you testing with? I am currently testing with IE 8
03-14-2012 05:21 AM
ok, I actually found the problem. This works fine in Windows XP 32bit but the OS I am having issues with is Windows 7 x64. I ran procmon while connecting and discovered the dsAccessService.exe is trying to write the instantproxy.pac to C:\Users\Administrator\AppData\Roaming\Juniper Networks\instantproxy.pac instead of the logged in user's temp directory. This would cause it to fail as the logged in user will not have access to that directory. Any idea why it is trying to write to the administrator profile instead of the logged in profile? The only reason I can think of is because dsAccessService.exe is running as SYSTEM but this is the case in Windows XP also but it still writes to the logged in user's profile. I am going to open a case but wanted to update this thread also incase others run into this problem or if anyone has any workarounds. I am continuing to troubleshoot this and will update with more info as available.