Junos Pulse Release 4.0R1



Similar documents
Junos Pulse Release 3.0R1.1

PULSE. Pulse for Windows Phone Quick Start Guide. Release Published Date

Receiver Updater for Windows 4.0 and 3.x

Junos Pulse. Windows In-Box Junos Pulse Client Quick Start Guide. Published: Copyright 2013, Juniper Networks, Inc.

Accessing Restricted University Online Resources Using Network Connect. on the Secure Remote Access Service

Network Connect Installation and Usage Guide

Client Error Messages

Access to applications and the network depends on whether or not you are using personal equipment or a Firm-issued laptop or desktop.

Junos Pulse. Administration Guide. Release 3.0. Published: Copyright 2012, Juniper Networks, Inc.

Pulse Secure Client for Chrome OS

Junos Pulse Supported Platforms

MITA End-User VPN Troubleshooting Guide

VPN Web Portal Usage Guide

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

Junos Pulse Supported Platforms Guide

Pulse Administration Guide. Pulse. Administration Guide by Pulse Secure, LLC. All rights reserved

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

Junos Pulse Supported Platforms

VPN User Guide. For Mac

SonicOS Enhanced Release Notes TZ 180 Series and TZ 190 Series SonicWALL, Inc. Firmware Release: August 28, 2007

Table of Contents. FleetSoft Installation Guide

Release Notes. Pre-Installation Recommendations... 1 Platform Compatibility... 1 Known Issues... 2 Resolved Issues... 2 Troubleshooting...

AT&T Global Network Client User s Guide

Steps for Basic Configuration

Citrix Access Gateway Plug-in for Windows User Guide

CONNECT-TO-CHOP USER GUIDE

CHECK POINT MOBILE ACCESS VPN

Pulse Secure Client. Administration Guide. Product Release 5.1. Document Revision 1.0 Published:

ATTENTION: End users should take note that Main Line Health has not verified within a Citrix

Installing and Configuring vcloud Connector

A Guide to New Features in Propalms OneGate 4.0

Chapter 10 Troubleshooting

Technology Services Group Procedures. IH Anywhere guide. 0 P a g e

Configuration Manual English version

IBM Remote Lab Platform Citrix Setup Guide

RLP Citrix Setup Guide

WatchGuard SSL v3.2 Update 1 Release Notes. Introduction. Windows 8 and 64-bit Internet Explorer Support. Supported Devices SSL 100 and 560

ThinPoint Quick Start Guide

Table of Contents. Cisco Cisco VPN Client FAQ

Juniper Networks Secure Access Release Notes

Shakambaree Technologies Pvt. Ltd.

new Business Online Technical Troubleshooting Guide

Software Version 1.0 ConnectKey TM Share to Cloud April Xerox ConnectKey Share to Cloud User / Administrator s Guide

Windows and MAC User Handbook Remote and Secure Connection Version /19/2013. User Handbook

DOE VPN Client Installation and Setup Guide March 2011

SonicWALL Mobile Connect. Mobile Connect for OS X 3.0. User Guide

Aspera Connect User Guide

A6210 WiFi USB Adapter ac USB 3.0 Dual Band User Manual

MultiSite Manager. Setup Guide

Release Notes. Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 2 Known Issues... 3 Resolved Issues...

Networking Guide Redwood Manager 3.0 August 2013

MN-700 Base Station Configuration Guide

Initial Access and Basic IPv4 Internet Configuration

Pulse Secure Desktop Client Supported Platforms Guide

SonicWALL SSL VPN 3.5: Virtual Assist

Installation Guide for Pulse on Windows Server 2012

5.0 Secure Meeting Error Messages

Allworx OfficeSafe Operations Guide Release 6.0

Installation Guide for Pulse on Windows Server 2008R2

Pulse Secure Desktop Client

Frequently Asked Questions: Cisco Jabber 9.x for Android

Enterprise Remote Control 5.6 Manual

DeployStudio Server Quick Install

DATA PROJECTOR XJ-A146/XJ-A246/XJ-A256

Remote PC Guide for Standalone PC Implementation

Non-Employee VPN Quick Start Guide

FreeAgent DockStar Network Adapter User Guide

Fiery E100 Color Server. Welcome

Smart Control Center. User Guide. 350 East Plumeria Drive San Jose, CA USA. November v1.0

Troubleshooting Sprint Mobile Broadband USB Modem by Novatel Wireless TM (Ovation TM U727)

Using Cisco UC320W with Windows Small Business Server

Virtual Data Centre. User Guide

Pulse Secure Desktop Client Supported Platforms Guide

Service "NCPCLCFG" is not running In this case, increase the WaitForConfigService setting until the problem is circumvented

Quick Startup Installation Instructions. Overview. Important Information

Setting up FileMaker 10 Server

Requirements on terminals and network Telia Secure Remote User, TSRU (version 7.3 R6)

DATA PROJECTOR XJ-A135/XJ-A145/XJ-A235/ XJ-A245

SSL VPN Server Guide. Access Manager 3.2 SP2. June 2013

Help. F-Secure Online Backup

Pulse Secure Universal App for Windows

Release Notes for Websense Web Endpoint (32- and 64-bit OS)

Active Directory 2008 Implementation Guide Version 6.3

Configuring SSL VPN on the Cisco ISA500 Security Appliance

Sharp Remote Device Manager (SRDM) Server Software Setup Guide

Two-Factor Authentication

Application Note Startup Tool - Getting Started Guide

Chapter 8 Router and Network Management

Quick Start Guide. WRV210 Wireless-G VPN Router with RangeBooster. Cisco Small Business

How to Set Up SSL VPN for Off Campus Access to UC eresources

4.0 SP1 ( ) November P Xerox FreeFlow Core Installation Guide: Windows Server 2008 R2

Troubleshooting AVAYA Meeting Exchange

Millbeck Communications. Secure Remote Access Service. Internet VPN Access to N3. VPN Client Set Up Guide Version 6.0

Requirements on terminals and network Telia Secure Remote User, TSRU (version 7.1 R4)

SonicWALL strongly recommends you follow these steps before installing Global VPN Client (GVC) 4.0.0:

Citrix XenApp 6 Fundamentals Edition for Windows Server 2008 R2 Administrator's Guide

Client applications are available for PC and Mac computers and ios and Android mobile devices. Internet

ProSafe Plus Switch Utility

Using desktop ANYWHERE

Network Setup Guide. Introduction. Setting up for use over LAN

Transcription:

Access Solutions Junos Pulse Release 4.0R1 Junos Pulse Build# 32327 Pulse Secure Access Build# 23727 Pulse Access Control Build# 20957 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408 745 2000 or 888 JUNIPER www.juniper.net February, 2013 Juniper Networks, Inc. 1

Contents Junos Pulse Release 4.0R1... 1 Installing and Deploying Junos Pulse 4.0R1... 3 Interoperability and Supported Platforms... 3 Noteworthy Changes Introduced in Release 4.0R1... 3 Junos Pulse 4.0R1 - Known Issues and Limitations Fixed in Release 4.0R1... 3 Junos Pulse 4.0R1 - Known Issues and Limitations... 3 Junos Pulse for Windows... 3 Junos Pulse for Macintosh... 4 Installation and Configuration for Windows... 4 Installation and Configuration for Macintosh... 6 Access Control... 6 Secure Access... 7 Endpoint Security... 8 Screen OS... 9 SRX... 9 Integrated ipass Client for Windows... 9 Secure Application Manager for Windows... 10 Machine Authentication for Windows... 10 Credential Provider for Windows... 10 Junos Pulse Collaboration Integration... 11 802.1x for Windows... 11 Application Acceleration for Windows... 11 Requesting Technical Support... 11 For information about supported minimum requirements for Network and Security Manager (NSM), please refer to the Juniper Networks Network and Security Manager Installation Guide. Juniper Networks, Inc. 2

Installing and Deploying Junos Pulse 4.0R1 There are several ways to deploy Junos Pulse to endpoints: Create a custom configuration on the Pulse Secure Access server or Pulse Access Control server, and direct users to navigate to the access device for an automatic download through a role. This is the simplest way to deploy Junos Pulse. Create a custom configuration, download an installer package, and distribute to users through a System Management Server (SMS). Download the default installer from the Maintenance > System > Installers page and distribute to users. With the default installer, all components needed for connecting to an access device are included in the client. Users can create connections to specific Pulse servers or they can use the Pulse server Web access page to install a Pulse connection to that server. For custom configurations, you create component sets and connection sets on the Junos Pulse Secure Access server or Pulse Access Control server, and then download an installer package. See the Junos Pulse documentation for complete instructions. Interoperability and Supported Platforms Please refer to the Pulse Supported Platforms document for supported versions of Screen OS, JUNOS, browsers, and operating systems in this release: http://www.juniper.net/support/products/pulse Noteworthy Changes Introduced in Release 4.0R1 Junos Pulse users can suspend individual connections and access local network resources without logging off from the Pulse server. The Pulse administrator can configure Pulse connections to use either device or user certificates for certificate authentication. Important Junos Pulse operational events are now logged to the Windows Event logging facility. Deploying Junos Pulse from either a Secure Access or Access Control server will now always include the Host Checker and network driver components. Junos Pulse 4.0R1 - Known Issues and Limitations Fixed in Release 4.0R1 After rebooting, the Junos Pulse Credential Provider should no longer display two tiles for each user. (783723) Junos Pulse 4.0R1 - Known Issues and Limitations The following is the list of known issues in this release: Junos Pulse for Windows When the system is coming out of sleep and both wired and wireless connections are configured on the Pulse Secure Access or Pulse Access Control server with wireless suppression enabled, the user may be prompted for user credentials. (850206) When specifying a Location Awareness policy, the Network List Manager (NLM) may not honor the entire range of IP addresses when both the third and fourth octets are specified as 0.0 (xx.xx.0.0 yy.yy.0.0). As a workaround, the entire range of addresses from 0-255 should be considered. (515109) Behavior of the product for features not supported over IPv6 e.g. Pulse SAM is undefined in IPv6 scenarios.(774974) The recommended method of starting Junos Pulse from the Windows Start menu is to click the Junos Pulse entry under the Juniper Network\Junos Pulse program group shortcut. Right clicking the Junos Pulse entry and running as administrator may fail to launch Junos Pulse. (750033) Juniper Networks, Inc. 3

When using a Smartcard, the user is prompted by either the Smartcard provider or Microsoft Base Smartcard Crypto Provider CSP for the PIN/Password. This prompt is not managed by Pulse and may remain displayed after a Pulse connection is disconnected or the Pulse process has exited. (549408) When Custom SSL Cipher Selection is chosen on the Pulse Access Control server and AES alone is selected, Pulse connections from XP clients will not work. This is a limitation due to the cryptography available from the Windows XP operating system. (516592,555704) Pulse UI does not display correctly in High Contrast graphics settings. (490249) Disabling Junos Pulse Split Tunneling on a Secure Access device may impact the ability for Pulse to evaluate Location Policies associated with the physical interface on the endpoint. (506100) When using a packet capture / monitor tool like Wireshark or NetMon (on XP), certain IP packets sent may appear to be sent 'twice'. This is most often observed when the network capture mechanism enables "Promiscuous Mode" on the network adapter. (514609) The Pulse UI may not display correctly on screen resolutions of 800 x 600 or less. (524205) When upgrading Junos Pulse with the ipass Open Mobile Platform installed, the user may be prompted to reboot their machine when the installation completes. (738603) To use RSA SecureID Soft-Token version 4.1.1 with Junos Pulse, install the RSA SecureID Soft-Token automation support using RSASecurIDTokenAuto411.msi. Please refer to the Desktop Application with Software Token Automation section in the corresponding release notes (SecurIDTokenWindows411_release_notes.pdf). All prior versions of RSA SecurID Soft Token (including 4.1.0) will not require any special considerations. When attempting to use a certificate to authenticate on Windows XP, Junos Pulse may not be able to determine whether the certificate is from a smart card. (719517) The option to disable wireless connections for non-broadcast SSID networks is not supported for Windows XP. (682358). When attempting to establish a Remote Desktop session to a system running Junos Pulse with 802.1X connections, the 802.1X connection should be configured for an automatic connection when the machine starts or when the machine starts followed by user login on the Pulse Secure Access server. (701644) Junos Pulse for Macintosh The Location Awareness rules with Action 'DNS server' or 'Resolve address' may not work as expected on Junos Pulse for Macintosh. Note: On all OSX versions, the 'DNS server' rule will not detect DNS servers that the user has manually assigned to an interface. DNS servers assigned by DHCP will work correctly. On Snow Leopard and earlier, the 'Resolve address' rule always evaluates to false. On Lion and Mountain Lion, the 'Resolve address' works correctly. (749362) When switching users while connected to a Pulse Secure Access server, Junos Pulse may show the connection status as connect request indefinitely. (745651) Junos Pulse on Macintosh doesn t support the Safari browser auto proxy discovery settings. (744704) When Junos Pulse has active connections and the user puts the system to sleep, Junos Pulse may not restore those connections when the system wakes up. (693300) Installation and Configuration for Windows When attempting to connect to a Pulse Secure Access server after having upgraded Symantec Endpoint Protection to version 12 with Junos Pulse installed, the connection may fail to setup the virtual adapter properly. As a workaround, reinstall Junos Pulse. (834055) When attempting to upgrade Junos Pulse, the user may be informed on subsequent upgrade attempts that a reboot is required to complete the installation. As a workaround, delete the file "C:\Program Files (x86)\common Files\Juniper Networks\JSCDT\REBOOT" and reattempt the upgrade. (843785) When Junos Pulse prompts the user to upgrade and a compliance check fails, the upgrade may fail if the remediation window is displayed. Closing the remediation window may allow the upgrade to complete. (809992) When Junos Pulse is configured with Minimal components, the user may be prompted multiple times to upgrade when Juniper Networks, Inc. 4

connecting to a Pulse Secure Access server or Pulse Access Control server configured with either Host check polices or when Enhanced Endpoint Security (EES) is enabled. (802723) When Junos Pulse is configured for host check policies and the user cancels an upgrade prompt, established connections will be disconnected. (798041) Pulse can t upgrade from pre Junos Pulse 3.1 installed versions to Junos Pulse 3.1 by logging into 7.3 Secure Access Gateway over IPv6 connections. Workaround is to upgrade through browser login is to use a hostname mapping to an IPv6 address or use MSI based install (784767) The Junos Pulse configuration file cannot be downloaded from a Pulse Secure Access server or Pulse Access Control server when used with Internet Explorer s default security settings. The workaround is to add the Pulse Secure Access server or Pulse Access Control server IP address to the trusted site list under Tools->Internet Options->Security- >Trusted Sites. (581648) Once Junos Pulse 2.0 is installed, it is not advisable to use the standalone Pulse 1.0 installer. This may result in failures to uninstall any Junos Pulse 1.0 components. (575731) If the RSA Soft Token application (RSA 4.1.0.458) is installed after the Junos Pulse 2.0 is installed, you must reboot the system in order for Junos Pulse to detect the presence of the soft token application. (543379) Canceling the Junos Pulse client installation is currently not supported. (492565) Pulse deployed via dynamic deployment from a Pulse Secure Access server or Pulse Access Control server cannot be upgraded using the full installer package. (513007) Some users may experience extended install times for Juniper's network driver component. (494736) Some versions of Windows XP contain a known issue that causes extended install times for Pulse. Please refer to MS Incident KB949900 for a patch that should resolve the issue (http://support.microsoft.com/default.aspx/kb/949900). (519639) Pulse installation on Vista x64 may not pre-install Juniper Networks Virtual Adapter instances. The first time a Pulse connection is established that requires a Juniper Networks Virtual Adapter instance the adapter will be installed resulting in a slight delay during the first connection. (521929) If the user receives the error message error provisioning access method connection when attempting to establish a connection, it is possible that a third party USB device is interfering with the Juniper Networks Virtual Adapter. (527406) When attempting to establish connections, Pulse may prompt you multiple times to upgrade 'missing components'. (529409) The Pulse Secure Access server or Pulse Access Control server administrator must associate a connection set with Pulse enabled user roles in order for Pulse to be properly deployed to endpoints. Pulse will not be installed or upgraded if the Pulse role references an empty connection set. (525667) Pulse pre-configured installers cannot re-bind the endpoint when it is already bound to a server. (524357) If Junos Pulse 3.0 is installed and the user attempts to launch the Junos Pulse client from a Pulse Secure Access 7.1 server, the Pulse Secure Access server may attempt to re-install Junos Pulse. To avoid this issue and establish connections to the Pulse Secure Access server, users should launch the Junos Pulse 3.0 client instead. When upgrading Junos Pulse 2.1 with a minimal installed component set without the TNC Client to Junos Pulse 3.0 with a component set that includes the TNC Client, the Junos Pulse installation may get into a corrupt state after the user authenticates using 802.1X. As a workaround, re-install the Junos Pulse 3.0 Client. (756812) When attempting to establish a connection to a Pulse Secure Access server with Junos Pulse configured with a minimal component set installed from a Pulse Access Control server, additional installed components may be required to successfully connect. (728128) While installing Junos Pulse on Windows XP, the amount of time needed to complete the installation may take longer than expected. If this should occur, be patient and allow the installation to complete. (720399) When attempting to upgrade a previous version of Junos Pulse without Host Checker installed, the upgrade to Junos Pulse 3.0 may fail if Host Checker is required. (743338) Junos Pulse 3.0 does not support deployment from a Pulse Secure Access server version 7.0 or Pulse Access Control server 4.0 or earlier device. (678367, 598627) Juniper Networks, Inc. 5

When Enhanced Endpoint Security (EES) is installed and Junos Pulse is upgraded, EES may not get upgraded to the newer version. (567117) When connected to a Pulse Secure Access server with Junos Pulse over a low bandwidth network connection, the user may not be prompted for upgrades. (742432) Installation and Configuration for Macintosh Due to the default Gatekeeper settings on Mac OSX 10.8 (Mountain Lion), installing Junos Pulse using the standalone installer package using the Finder may fail. As a workaround, in the Security and Privacy Settings, "Allow applications downloaded from" should be set to "Anywhere". (812263) Installing Kaspersky anti-virus on a system with Junos Pulse may prevent access to connected resources. (778869) Pulse can t upgrade from pre Junos Pulse 3.1 installed versions to Junos Pulse 3.1 by logging into 7.3 Secure Access Gateway over IPv6 connections. Workaround is to upgrade through browser login is to using an IPv4 address. (786236) To deploy Junos Pulse on Mac OS X 10.7 (Lion) with the Safari browser using the system proxy settings, you also need to configure the Java proxy settings. Go to Utilities>>Java Preferences>>Network>>Network Settings, and instead of enabling Use system settings, specify the same proxy settings used for your system proxy. (709469) While connecting to the Pulse Secure Access 7.2 server from Mac OS X 10.7 (Lion) with the Safari browser configured with proxy settings, the credential page may appear blank. To resolve this issue, refresh the browser. (734114) When connecting to the Pulse Secure Access 7.2 server with the Safari browser proxy settings configured, Junos Pulse may not be downloaded and installed if required to prompt for user credentials. (730816) When attempting to connect to a Pulse Secure Access 7.2 server with the Safari browser configured to use a Proxy Auto-Config (PAC) file, Junos Pulse may not connect successfully. (743840) If Java is not installed on Mac OS X 10.7 (Lion), the user has the following two options: 1. Install and enable Java on Mac OS X 10.7 before downloading Junos Pulse. 2. When deploying Junos Pulse on Mac OS X 10.7, if the "Missing-plug-in" link appears on the bottom of the browser, you will need to click on this link to download and install the Java Plug-in by following on screen instructions. After the Java plug-in is installed successfully, you can click on the Back or Refresh button on the browser to continue the Junos Pulse deployment. (730216) Access Control When attempting to connect to a Pulse Access Control server, Junos Pulse may display the message "Authentication rejected by server" on the first attempt to perform an 802.1x authentication after a server upgrade. As a workaround, disconnect Pulse and reconnect. (840842) When attempting to connect to a Pulse Access Control server, Junos Pulse may display the message "Authentication unexpectedly terminated by Windows 802.1x supplicant" while performing an 802.1x authentication after a server upgrade. As a workaround, disconnect Pulse and reconnect. (839770) Junos Pulse may fail to authenticate to a Pulse Access Control server configured for proxy authentication. As a workaround, decrease the radius timeout on the Pulse Access Control server. (798544) When Kaspersky Internet Security is active on the endpoint and Junos Pulse connects to a Pulse Access Control server, source IP configuration to a Host Enforcer may not work correctly. (717822) If you are using UAC IPSec Enforcement using Junos Pulse, applications might experience a slight delay in being able to establish network connections. (491848) When you configure Junos Pulse to make 802.1x based connections, a reboot may be required on Windows XP the next time Junos Pulse is upgraded. (492843) Establishing a connection to an Pulse Access Control server via the Pulse client is not supported when there is an existing active connection to the Pulse Access Control server with Odyssey Access Client. (509095) NAP Host Checker Policies will not work with Pulse if Odyssey Access Client is installed and also evaluating NAP Host Checker Policies. (512884) Certain client firewalls may make the Pulse connection on the Pulse Access Control server appear as if it is located behind a NAT device when it is not. (519630) Juniper Networks, Inc. 6

If connected to a Pulse Secure Access server and an Pulse Access Control server, then disconnect from the Pulse Secure Access server, other Pulse clients may receive the error "Too many connections from the same endpoint" error while attempting to connect to the Pulse Access Control server. (528650) When both Pulse and the Odyssey Access Client are installed on the same machine, Juniper recommends that only one client be used when establishing connections to the same Pulse Access Control server. (526333) While Pulse is connected to an Pulse Access Control server and the user initiates a connection to a Firewall, the Pulse Access Control server connection may get disconnected. (524075) When Pulse has connections to both a Pulse Secure Access server and Pulse Access Control server and the user disconnects from the Pulse Access Control server, the Active Users page may shows that the user session is still active. (523750). When AVG Internet Security 2012 is installed on Windows XP with Service Pack 3, Junos Pulse may not be able to establish a connection to a Pulse Access Control server. As a workaround, disable the AVG 2012 Firewall to connect successfully. (720945) Secure Access When the Pulse Access Control server performs a dynamic access policy change, Junos Pulse may not be able to establish the connection to the server. As a workaround, the user should disconnect and reconnect to the server. (852332) While logged into the Pulse Secure Access server via the browser and clicking the icon to launch Junos Pulse, any existing saved credentials for that connection will be overwritten. (842586) When a non-broadcast SSID is deleted from the Junos Pulse wireless connection setting on the Pulse Secure Access server, the SSID connection on Junos Pulse may not be removed. (838602) When disconnecting a suspended connection to a Pulse Secure Access server, the session information on the Pulse Secure Access server active users page may still be displayed. (832352) The Pulse Commandline Launcher (PCL) may return the error invalid arguments when the URL specified doesn t exactly match the URL specified in the Junos Pulse connection entry. (807298) The Junos Pulse client is not passing Multi-cast traffic through a tunnel to the Pulse Secure Access server on Windows 7 endpoints when multicast support is enabled on the Pulse Secure Access server. (768922) Junos Pulse may not honor the NC profile ESP to SSL fallback timeout configuration setting on the Pulse Secure Access server, possibly causing a delay when accessing remote resources. (796013) When using the Pulse Commandline Launcher to establish a connection to a Pulse Secure Access server, the Allow saving logon information setting must be enabled on the server configuration. (800342) When the Auto-allow option Auto-allow IP s in DNS/WINS settings (only for split-tunnel enabled mode) and the DNS Settings option DHCP DNS Settings (only applicable if DHCP Server is chosen) are selected, Junos Pulse may not add the DHCP DNS/WINS servers to endpoint route table. It may only add the servers for the IVE DNS Settings and Manual DNS Settings options. As a workaround, manually add these DNS/WINS servers into the split-tunnel routes if necessary. (799569) When connected to a Pulse Secure Access server from a browser with a host name and clicking the start button on the browser with the Pulse connection specified as an IP address, Junos Pulse will not auto start the Secure Access connection. (782569) If an IVE hostname resolves to multiple IP addresses, Pulse will attempt to connect with only the first IP address. The order in which a particular hostname gets resolved to different IP addresses is dependent on endpoint OS versions, endpoint system configurations and DNS server responses. The best practice is to have distinct IVE hostnames each resolving to a unique IP addresses. This is especially applicable to deploying IVEs with IPv4 and IPv6 enabled interfaces.(792565) Once Pulse falls back to SSL from ESP for an existing user L3 VPN connection, it doesn t attempt later to upgrade to ESP. This can happen if you upgrade from Junos Pulse 2.1 SSL based connection to Junos Pulse 3.x or an existing Junos Pulse 3.x ESP connection falls back to SSL due to temporal unavailability/restart of ESP services at the Secure Gateway. If the user disconnects and then reconnects, Pulse will setup an ESP connection if available. (782420, 783425) Juniper Networks, Inc. 7

If a Pulse connection set exists for a URL with a hostname resolving to an IPv4 address, when adding a new connection set on the same Secure Gateway for a URL with a hostname resolving to an IPv6 address, please uncheck "This Server" check box and provide the URL in the "URL" field to create a new dynamic connection in the Pulse UI (777931) On Mac OSX 10.8, Pulse doesn t support DNS resolution of hostnames of protected resources when Split Tunneling policy with route monitoring policy is enforced.(786215) When using a USB EVDO modem to connect to a Pulse Secure Access server, Junos Pulse 2.0 may not provide network access after connecting successfully. (583893) To connect to a Pulse Secure Access server with Junos Pulse and Kaspersky anti-virus installed, split tunneling must be enabled. (557069) Multiple simultaneously connected Pulse Secure Access server connections are not supported in Junos Pulse. Changes made to Junos Pulse configuration on Pulse Secure Access servers and Pulse Access Control servers are not showing up in the Admin Access Logs. (475507) It is currently not possible to provide Junos Pulse access for the delegated admin role on Pulse Secure Access servers or Pulse Access Control servers. (477822) When running Junos Pulse within Secure Virtual Workspace, the Pulse user interface will not launch correctly if it is also running on the base desktop. (483290) When using the Firefox browser to deploy Pulse from a Pulse Secure Access server or Pulse Access Control server, please be sure that "Enable the next generation Java Plugin" is enabled in the Java console. (498586) Please be sure to install 32-bit version of Java runtime on 64-bit windows versions when deploying pulse via the Firefox browser. (502486) SAML OAAM authentication is not supported with the Pulse client. (505578) Junos Pulse may be downloaded and installed when the user ROLE is configured for Junos Pulse Auto Launch and logs on using the Network Connect Embedded Browser. (664963) Endpoint Security When Junos Pulse is configured for two roles, one allowing full access and the other limited access, during host check evaluation Junos Pulse may display the connecting status when switching between full and limited access. (852345, 843178) When host check policies are enable for Junos Pulse with Sophos 8 A.V installed on Macintosh, the time to complete the checks may take longer than 35 seconds to complete. (827891) To enable Anti-Virus or Firewall predefined host checks on Windows 8 with Junos Pulse, ESAP 2.2.7 or higher version is required. (847310) The Kaspersky anti-virus web scanner can cause OAC/Pulse to fail to connect during dot1 x Authentication. If you are running Kaspersky anti-virus, and after successfully authenticating an interface via 802.1x, the " IC Series device " status is "terminated"(for OAC) or flaps between connecting and disconnecting(for pulse), Disable the web-scanner (port 443) in Kaspersky anti-virus and it should work. (381018) If Junos Pulse is installed in client machine that runs Kaspersky driver with version 6.1.18.0.( Kaspersky AV 6.0.2 installed), SAM TDI driver won't get loaded and user won't be connected to SAM role until machine is restarted. Solution is to restart the machine. (724457) Shavlik Remediation may fail on endpoints running Kaspersky Anti-Virus 6.0 for Windows workstations. The patch remediation may succeed if the Kaspersky Antivirus software is turned off. (573973) When using Patch Remediation, the patch installation count may exceed the missing patch count. This may occur when the same patch is attempted to be installed twice. The result will be a failure during the second attempt, which should be ignored. Two known patches that can exhibit this issue, WindowsXP-KB954459.exe on Windows XP and msxml6- KB954459.exe. (561392) During patch remediation after auto remediation complete, the user may be prompted to reboot the system. If the user attempts to connect prior to rebooting, the connection may pass the compliance check. An example of such a patch is the WindowsXP-KB953155.exe. (575714) During patch installation, some anti-malware solutions may report a risk warning on stdeploy.exe. To avoid the warning, Juniper Networks, Inc. 8

add Hostcheckpluginhost.exe to the anti-malware exceptions list; otherwise user s can safely ignore the warning to continue. (573970) When Enhanced Endpoint Security (EES) is enabled and the user installs Junos Pulse via a browser, the upgrade prompt may be shown immediately after connecting to the Junos Secure Access Gateway. (574762) When using Shavlik Remediation with proxy credentials, Junos Pulse may stay in the connecting state. As a workaround, wait a few seconds before entering the proxy credentials (523146). In the Junos Pulse 2.0, the Shavlik remediation dialog prompt may flash when transitioning from the certificate to credentials dialog. (544665). For testing Patch Remediation feature for restricted user account, the machine should be rebooted after Pulse installation in admin account. If user switches to restricted user without rebooting then Patch Installation Progress dialog does not appear. (560962) Host Checker support with Junos Pulse 3.0 is not compatible with Pulse Secure Access servers prior to version 7.2 and Pulse Access Control servers prior to version 4.2. Junos Pulse may display a green icon and display the message Compliance: Meets security policies when the Host Checker is not installed. (731979) While downloading and enable Enhanced Endpoint Security (EES), Junos Pulse may display status indicating that EES not running. (746628) Screen OS SRX When Junos Pulse attempts to establish an 802.1X connection using a Screen OS access point, the error Authentication unexpectedly terminated by server may momentarily be observed. (697469) When the NetScreen Remote VPN client is installed and connect to a firewall and Junos Pulse is used to establish a connection to a Pulse Secure Access server mapped to a SAM role and the NetScreen Remote VPN client is disconnected, Junos Pulse will indicate that it is still connected. (717732) When Junos Pulse establishes a Dynamic VPM connection utilizing an 802.1X wired connection and disconnects the 802.1X connection, Junos Pulse may still show the Dynamic VPN connection as connected. (840162) When logged on as a Windows restricted user, Junos Pulse 2.0 may fail to upgrade properly. (691379) When both Junos Pulse and the Odyssey Access Client are installed and the user uninstalls the Odyssey Access Client, the user may be prompted to upgrade when attempting to access a Pulse Access Control server requiring Dynamic IPSec resource access. (812684) Installing Junos Pulse 1.0 after installing JAM 1.0 is not supported. When using SecurID to authenticate, Junos Pulse 2.0 does not request a new passcode when reconnecting. (570033) When using SecurID to authenticate, Junos Pulse 2.0 requests user to enter the password instead of token information. (570037) Save credentials in the Junos Pulse credential dialog is not working correctly for SRX connections. (490482) When Junos Pulse is installed with minimal components, the user will not be able to establish a connection with SRX. (691873) Integrated ipass Client for Windows While connected to the internet, the integrated ipass client may show the wrong network status Connected no internet. (740927) The integrated ipass client may not update the Network list after resuming from suspend. (739848) The integrated ipass client may not change the network state when the user manually disables/enables it. (738061) When using Junos Pulse with the integrated ipass client, there may be a short delay displaying ipass networks. This does not affect the user's internet connectivity. (583127) Occasionally, when a Windows XP machine connects to a LAN when it is already connected to a WiFi network, Pulse Juniper Networks, Inc. 9

reports the WiFi connection status as "Disconnecting..." and the connection status does not transition to the "Disconnected" state. A reboot is required before ipass will allow you to reconnect to the WiFi network. To avoid this condition, press the "Disconnect" button on the Pulse UI before connecting your machine to the LAN. (607701) Secure Application Manager for Windows Both Junos Pulse and the Odyssey Access Client may be able to establish a layer 3 connection to Pulse Access Control server if the Junos Pulse Access Control server is reachable via a Junos Pulse SAM connection. (782853) When accessing Outlook with Junos Pulse connected to a Secure Access Gateway via SAM and your connection is interrupted, you may not be able to reconnect to Outlook. As a workaround, reset the Windows Logon service to restore the connection. (737647) When connecting Junos Pulse to a Pulse Secure Access server on Windows Vista and above, Network Level Authentication is not supported. When you have a large number of Domain Controllers in your network and enable Secure Application Manager domain authentication, multiple SSL channels may be opened from each endpoint causing excessive loads on the Pulse Secure Access server. (725385) When the Secure Access Gateway tries to resolve any host with a short name, Windows will append the primary domain suffix to form the FQDN. If the Secure Access Gateway is unable to resolve the name but the FQDN name is resolved thru the locally configured DNS, Windows will stop generating NetBIOS requests. (711058) When using Junos Pulse on Windows XP to access protected resources using hostnames with SAM, Microsoft updates KB884020 and KB951748 should be installed. (695437) Junos Pulse with SAM enabled does not interoperate with Check Point s Zone Alarm or Trend Micro s Internet Security software (675305,676042,679213,677253). When accessing resources with shortnames using Junos Pulse SAM, shortnames will be resolved only by appending either the Primary DNS suffixes at the endpoint or Domain Suffixes configured in the Pulse Secure Access server, in the Network->Overview section. Connection specific DNS suffixes are not used for shortname resolution when Junos Pulse SAM is used. (671057) When configuring enterprise applications for Junos Pulse SAM on the Secure Access Gateway, users who have Kasperksy installed on their system should not include avp.exe in the client application list with <allow all> in the ACLs. Otherwise, they will enable access to any internet/intranet site. (662592) On Windows Vista, when a user attempts to reestablishing a connection to a Pulse Secure Access server that is assigned a Junos Pulse SAM role that is configured to access a network mapped drive, an error may occur attempting to access the mapped drive. (674379) Machine Authentication for Windows When use Machine Authentication with Junos Pulse and the Odyssey Access Client on Windows 8, a system registry entry must be modified. Please see the Microsoft KB article http://support.microsoft.com/kb/2743127 for details. (784981) When using a Pulse Secure Access server to establish a Machine Authentication with Junos Pulse, the Pulse Secure Access server should be configured to use a Windows 2003 authentication server. The Pulse Secure Access server does not support Windows 2008R2 for Junos Pulse Machine Authentication. When using a Pulse Access Control server to establish a Machine Authentication with Junos Pulse, the Pulse Access Control server may be configured to use either a Windows 2003 or Windows 2008R2 authentication server. Credential Provider for Windows When configuring Junos Pulse on either the Pulse Access Control server or Pulse Secure Access server for automatic connections at user login with Pre-login user based virtual LAN enabled, a Windows error message may appear when successfully making a wireless layer 2 connection if the virtual LAN is not properly configured. (847590) The Pre-login user based virtual LAN setting specifies that wireless computers are placed on one virtual local area network (VLAN) at startup, and then based on user permissions moved to a different VLAN network after the user logs on to the computer. When using Remote Desktop to connect to another Windows machine with Junos Pulse installed and configured for Juniper Networks, Inc. 10

Layer 3 Credential Provider support, the Junos Pulse UI on the remote machine may not display connections properly. As a workaround, exit the remote Junos Pulse tray application and launch Junos Pulse. (781781) When Credential Provider connections are enabled, Junos Pulse may not honor wireless suppression settings. (788015) If prompted for proxy server information when establishing a connection via Credential Provider, enter the server in the form <servername>:<port> if a special port is required. (741028) When attempting to logon using the Junos Pulse Smart Card tile, the smart card may hang in the "Reading smart card" state. As a workaround, re-insert the smart card back into the reader or USB port. (702884) Junos Pulse Collaboration Integration When attempting to join a collaboration meeting with Junos Pulse when the Pulse Collaboration server is not reachable, the connection status message Waiting to connect will be displayed indefinitely. (740649) When attempting to join a collaboration meeting with Junos Pulse, Internet Explorer will launch irrespective of the default browser. Please refer to the supported platform document for a list of browsers supported in this release. When attempting to join a collaboration meeting from Junos Pulse with Check Point s Zone Alarm installed, the Windows Internet Browser may fail to launch. (702477) 802.1x for Windows Junos Pulse doesn't show authentication failure when using 802.1x connections and an expired client certificate is used. (487727) When using Junos Pulse 802.1x connections on Windows XP with Odyssey Access Client installed, you will have to check the check box, "use windows to configure my wireless network settings", manually after you uncheck "use Odyssey to operate this adapter" in Odyssey Access Client. (504701) Pre-configuration of 802.1x settings is required in order for the 802.1x feature to work correctly if users cannot log-in to the Pulse Access Control server via the web browser to dynamically deploy the configuration. (526341) Application Acceleration for Windows When Application Acceleration is enabled, if there are existing CIFS connections from mapped drives or shared folders Pulse will show a pop-up asking if the user wants to reestablish these connections. (719162) The Junos Pulse Application Acceleration component may cause disruptions with some types of network connections on systems with multiple network interfaces that are connected simultaneously. (504692) Deploying the Junos Pulse WAN Application Acceleration package via Host Checker is not supported when logging in via the Junos Pulse client. This is only applicable to browser based initial deployments. (504952) Firewalls like Kaspersky software that are known to block Pulse Application Acceleration control packets. UDP port 3578 will have to be provisioned to open ports at the endpoint. (505817) If Junos Pulse software requires the Application Acceleration capability to be deployed from an Pulse Secure Access server, All components should be selected at the Pulse Secure Access server. (505944) Pulse may disrupt Internet Connection Sharing via Windows Virtual Wifi on Windows 7 Endpoints when Application Acceleration is installed. (507628) Application Acceleration may not get enabled correctly when changing the configured community string after deploying Pulse via Host Checker. (527411) An Application Acceleration adjacency can still be established between Pulse and WXC server when the community string that was deployed to the Pulse client from an Pulse Secure Access server or Pulse Access Control server is removed from the Administrator UI of the Pulse Secure Access server or Pulse Access Control server. (527660) Requesting Technical Support To open a case or to obtain support information, please visit the Juniper Networks Support Site: http://www.juniper.net/support. Juniper Networks, Inc. 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information