Symantec On-Demand 2.6/ Juniper IVE SSL VPN 5.2 Integration Guide Addendum




Uploading the Jedi Package: Preventing Virtual Desktop Bypass during User Access to Juniper SSL VPN Appliance

Copyright Information: Symantec Corporation

Copyright 2003-2006 by Symantec Corporation. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means, electronic, mechanical, or otherwise, without prior written permission of Symantec Corporation. Information in this document is subject to change without notice and does not constitute any commitment on the part of Symantec Corporation.

Symantec Corporation may own patents or pending patent applications, trademarks, copyrights, and other intellectual property rights covering the subject matter of this document. Furnishing of this documentation does not in any way grant you a license to any patents, trademarks, copyrights, or other intellectual property of Symantec Corporation.

Symantec, Symantec Secure Enterprise, and the Symantec S Logo are registered trademarks or trademarks of Symantec Corporation. Microsoft and Windows are registered trademarks of Microsoft Corporation. All other companies and product names referenced herein may be trademarks or registered trademarks of their respective holders.

Copyright Information: Juniper Networks, Inc.

Copyright (c) 2004-2006 Juniper Networks, Inc. All rights reserved.

Juniper Networks, the Juniper Networks logo, NetScreen, NetScreen Technologies, GigaScreen, and the NetScreen logo are registered trademarks of Juniper Networks, Inc. NetScreen-5GT, NetScreen-5GT ADSL, NetScreen-5XP, NetScreen-5XT, NetScreen-25, NetScreen-50, NetScreen-100, NetScreen-204, NetScreen-208, NetScreen-500, NetScreen-5200, NetScreen-5400, NetScreen-Global PRO, NetScreen-Global PRO Express, NetScreen-Remote Security Client, NetScreen-Remote VPN Client, NetScreen-IDP 10, NetScreen-IDP 100, NetScreen-IDP 500, GigaScreen ASIC, GigaScreen-II ASIC, and NetScreen ScreenOS are trademarks of Juniper Networks, Inc. All other trademarks and registered trademarks are the property of their respective companies.

Information in this document is subject to change without notice. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without receiving written permission from: Juniper Networks, Inc. 1194 N. Mathilda Ave., Sunnyvale, CA 95014 ATTN: General Counsel

Table of Contents

Symantec Jedi Package and Virtual Desktop Bypass Prevention
  Prerequisites
    Symantec
    Juniper
  Symantec Support
  Third-Party Product Support
Virtual Desktop Bypass Description
Installing the Jedi Package
  Step 1: Setting Up Symantec On-Demand Manager
    Symantec On-Demand Setup Procedures
    Configure URLs
    Set Up Policies for Export
  Step 2: Upload the jedi.zip File to the Juniper SSL VPN Appliance
    Point to the jedi.zip file and Enable the New Jedi Policies

Symantec Jedi Package and Virtual Desktop Bypass Prevention

When clients are using the Virtual Desktop but then switch back to their normal desktop, there may be instances of misuse of the Success URL link within the Virtual Desktop. If the Success URL link for Juniper login is copied from within the Virtual Desktop, and the user then switches to the normal desktop, opens a browser, and uses that link, the user could potentially log in to the Juniper appliance without the Virtual Desktop.

The Jedi Package prevents this level of bypass of the Virtual Desktop. When the jedi.zip file is uploaded to the Juniper appliance, it is transparently unzipped and two new rules are created. These new rules ensure that the Virtual Desktop is used during user login to the Juniper SSL VPN appliance.

This integration guide addendum provides the tasks required to upload the Symantec jedi.zip package in order to prevent the bypassing of the Virtual Desktop during user login and access to the Juniper SSL VPN appliance.

Note: There are two basic methods you can use to integrate the Symantec On-Demand functionality with the Juniper appliance. One uses a built-in Host Check Client Interface to manage the integration, and the other uses a customized user interface based on templates to accomplish the same goal. The tasks required to prevent the bypass of the Virtual Desktop involve use of the customizable user interface integration method. Refer to the Symantec On-Demand 2.6/Juniper IVE 5.2 SSL VPN Integration Guide for information about the customizable user interface integration process.

Prerequisites

Symantec

The instructions that follow assume that the Symantec On-Demand Manager is installed on your machine, and that your copy of the Symantec On-Demand Manager is licensed appropriately with the Virtual Desktop module enabled.

For information about licensing issues, or about how to install or configure the Symantec On-Demand Manager, see the Symantec On-Demand Administration Guide.

Juniper

You must have an Advanced license for your Juniper SSL VPN appliance.

The instructions in this addendum assume that the NetScreen Secure Access appliance and the Juniper IVE have been installed and configured according to the instructions in the appliance's installation guide and the NetScreen Instant Virtual Extranet Platform Administration Guide. The instructions also assume that roles (JSAM and NC) have already been created on the NetScreen Secure Access appliance. Please see the NetScreen Instant Virtual Extranet Platform Administration Guide for instructions on how to create these roles.

Symantec Support

Symantec Corporation provides a wide variety of service and support programs. Contact Symantec at: http://www.symantec.com

Third-Party Product Support

If you obtained this product from a hardware or software company other than Symantec Corporation directly, your software license as well as all service and support should be obtained through that vendor. Check the Addendum provided with the package for service and support information.

Virtual Desktop Bypass Description

In practice, when a client connects to a Juniper SSL VPN appliance, the Virtual Desktop is loaded and within the Virtual Desktop the client is provided a login interface to the Juniper appliance interface. However, the Success URL link provided for the Virtual Desktop is sometimes applied to the normal desktop instead, thereby bypassing the Virtual Desktop.

Symantec On-Demand 2.6 includes a new Jedi Package that prevents bypass of the Virtual Desktop. The Jedi Package is a zip file uploaded to the Juniper appliance. It enables two new rules that manage proper usage of the Virtual Desktop. Use the following steps to prevent a user from accessing the Juniper SSL VPN appliance interface without the Virtual Desktop.

Installing the Jedi Package

Step 1: Setting Up Symantec On-Demand Manager

This section describes how to set up the Symantec On-Demand Manager to prepare for uploading of the jedi.zip file to the NetScreen Secure Access appliance.

Symantec On-Demand Setup Procedures

You need to perform two basic tasks in the On-Demand Manager to prepare files for integration with the Juniper appliance:

- Configure the On-Demand module(s) to access the IP address or DNS-resolvable name of the appliance. Each module can point to a different sign-in page if desired.
- Set and apply policies for each module.

These tasks are described below.

Configure URLs

1. Launch the Symantec On-Demand Manager and click the + sign next to Location (Office in this example) to expand it.
2. Click the module you want to export (Virtual Desktop in this example).
3. Click the URL tab.
4. In the Success area of the URL tab, enter the IP address or DNS-resolvable name of the NetScreen Secure Access appliance's login page. (Don't forget to enter the "s" in https, and make sure that Set Cookie is not checked.) In this example the URL is composed of the appliance's IP address and the /vd/ extension. You will use this URL later when you create the Secure sign-in policy on the NetScreen Secure Access appliance. See Create Secure Sign-in Policy for more information.
5. Using the Virtual Desktop and Web Browser tabs, set up the On-Demand policies and rules that you want to export to the Juniper appliance. Remember to click Apply to save your settings.
6. Repeat steps 2 through 5 for each module for which you want to specify a URL. Please note that you cannot use the same URL extension (/vd/ in this example) for the other modules. Each module you configure must have a different extension.

For further information about setting up URLs for locations, see the Setting the Success and Failure URLs section of the Symantec On-Demand Manager Administration Guide.

Set Up Policies for Export

When you use the Custom UI integration method, you can specify policies for all of the Symantec On-Demand modules and prepare them for upload to the NetScreen Secure Access appliance. You can specify different policies for each of your locations. Please see the Symantec On-Demand Manager Administration Guide for detailed information about how to create policies.

1. Launch the Symantec On-Demand Manager and click the + next to the desired location (Office in this example) to expand it.
2. Click Host Integrity, Virtual Desktop, or Cache Cleaner (Virtual Desktop in this example) and specify the policies you want to enforce on endpoint machines in this location.
3. Click Apply to save your settings.
4. Continue specifying policies for the other modules as desired. Remember to click Apply to save your settings before exiting each tab.

Step 2: Upload the jedi.zip File to the Juniper SSL VPN Appliance

This section describes how to upload the jedi.zip file located in the Symantec directory to the Juniper appliance.

Note: The Jedi Package is used only for the custom UI integration method. Refer to the Symantec On-Demand 2.6/Juniper IVE 5.2 SSL VPN Integration Guide for information about creating, editing, and uploading custom UIs.

Point to the jedi.zip file and Enable the New Jedi Policies

1. Log on to the Juniper SSL VPN appliance as an administrator.
2. Click System Endpoint Security, then click the Host Checker tab.
3. Now click New 3rd Party Policy. Name the new policy (in the example, we named the policy No_Normal_Window_login).
4. Browse to the jedi.zip file located at C:\Program Files\Symantec\Symantec On-Demand.
5. Click Save Changes.
6. Next, click Users User Authentication Realms SecureVD and click the Authentication Policy tab.

   Note: In the custom UI integration method, there is typically one secure and one insecure realm configured for integration with Symantec On-Demand. In the next step, you enable the new policies defined by jedi.zip in the secure realm. For information about configuring a secure realm, see page 41 of the Symantec On-Demand 2.6/Juniper IVE SSL VPN 5.2 Integration Guide.

7. In the Authentication Policy window, click Host Checker in the submenu (located under the Tabs).

   Note: When jedi.zip was uploaded, it created two new policy entries under the Host Checker. You will now enable the new policies.

8. Enable the new jedi.zip policies by clicking the two bottom-most checkboxes for the newly available policies in both the Evaluate Policies column as well as the Require and Enforce column.
9. Click Save Changes.

The new jedi.zip policies are now enabled and users will now be prevented from bypassing the Virtual Desktop when accessing the Juniper SSL VPN appliance interface.
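A pre-export check for the Success URL rules given under Configure URLs (https, Set Cookie not checked, the appliance's address, and a different extension for each module), as an added example that is not part of the Symantec or Juniper guide. The record layout, the 192.0.2.10 address and the /hi/ and /cc/ extensions are assumptions made for illustration; only /vd/ comes from the guide.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: Success URL settings per On-Demand module for one location.
# 192.0.2.10 is a documentation address; /hi/ and /cc/ are hypothetical extensions.
SAMPLE = [
    {"module": "Virtual Desktop", "success_url": "https://192.0.2.10/vd/", "set_cookie": False},
    {"module": "Host Integrity", "success_url": "http://192.0.2.10/hi/", "set_cookie": False},
    {"module": "Cache Cleaner", "success_url": "https://192.0.2.10/vd/", "set_cookie": True},
]


def extension(url):
    """First path segment of the URL, e.g. 'vd' for https://host/vd/."""
    parts = [p for p in urlsplit(url).path.split("/") if p]
    # Compared case-insensitively so /VD/ and /vd/ count as the same extension.
    return parts[0].lower() if parts else ""


def check_success_urls(settings, appliance_hosts):
    """Return sorted (module, finding) pairs for settings that break the guide's rules."""
    findings = []
    by_ext = defaultdict(list)
    for s in settings:
        url = urlsplit(s["success_url"])
        if url.scheme.lower() != "https":
            findings.append((s["module"], "Success URL is not https"))
        if (url.hostname or "") not in appliance_hosts:
            findings.append((s["module"], "Success URL host is not the appliance"))
        if s["set_cookie"]:
            findings.append((s["module"], "Set Cookie is checked"))
        ext = extension(s["success_url"])
        if not ext:
            findings.append((s["module"], "Success URL has no extension"))
        else:
            by_ext[ext].append(s["module"])
    # Each module must have its own extension; report every module in a collision.
    for ext, mods in by_ext.items():
        if len(mods) > 1:
            for m in mods:
                findings.append((m, f"extension /{ext}/ shared with another module"))
    return sorted(findings)


if __name__ == "__main__":
    for module, finding in check_success_urls(SAMPLE, {"192.0.2.10"}):
        print(f"{module}: {finding}")
```
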