Pulse Policy Secure. Configuration Guide. Policy Secure 802.1x authentication with native Mac OSX supplicant

Pulse Policy Secure Configuration Guide Policy Secure 802.1x authentication with native Mac OSX supplicant Published: 2015-02-04 Document Revision 1.0

Pulse Secure, LLC
2700 Zanker Road, Suite 200
San Jose, CA 95134
http://www.pulsesecure.net

Pulse Secure and the Pulse Secure logo are trademarks of Pulse Secure, LLC in the United States. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Pulse Secure, LLC assumes no responsibility for any inaccuracies in this document. Pulse Secure, LLC reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

The information in this document is current as of the date on the title page.

END USER LICENSE AGREEMENT

The Pulse Secure product that is the subject of this technical documentation consists of (or is intended for use with) Pulse Secure software. Use of such software is subject to the terms and conditions of the End User License Agreement ("EULA") posted at http://www.pulsesecure.net. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.

Table of Contents

1 Configuring native Mac OSX supplicant for Policy Secure 802.1x authentication
  1.1 Configuring 802.1x profiles
    1.1.1 TTLS-PAP authentication profile
    1.1.2 TTLS/MS-CHAP-V2 authentication profile
    1.1.3 PEAP authentication profile
  1.2 Configuring Authentication Protocol Set on PPS
2 802.1x authentication in Mac OSX
3 Host checking on Mac OSX with native supplicant
4 Glossary

List of Figures

Figure 1 TTLS/PAP: General
Figure 2 TTLS/PAP: Wi-Fi
Figure 3 TTLS/MS-CHAP-V2: General
Figure 4 TTLS/MS-CHAP-V2: Wi-Fi
Figure 5 PEAP/MS-CHAP-V2: General
Figure 6 PEAP/MS-CHAP-V2: Wi-Fi
Figure 7 Authentication Protocol Set

1 Configuring native Mac OSX supplicant for Policy Secure 802.1x authentication

This section details the procedure for configuring the native Mac OSX supplicant for Policy Secure 802.1x authentication.

System Requirements:
- Apple Mac OSX (10.8/10.9) endpoint
- iPhone Configuration Utility

OSX endpoints can authenticate to a Pulse Policy Secure (PPS) 802.1x server with the native supplicant by using the iPhone Configuration Utility (IPCU). This tool allows you to easily create, maintain, and install configuration profiles, track and install provisioning profiles, and capture device information including console logs.

You can create the various profiles (TTLS/PAP, TTLS/MS-CHAP-V2, and PEAP/MS-CHAP-V2) required for Policy Secure 802.1x authentication using IPCU. Once IPCU generates the configuration profiles, they can be exported to Mac OSX endpoints running 10.8/10.9. Users install the profiles on their OSX endpoints by double-clicking the exported files, which provisions Layer 2 access when the endpoint is connected to an 802.1x-enabled switch port.

1.1 Configuring 802.1x profiles

Configuring 802.1x profiles (TTLS/PAP, TTLS/MS-CHAP-V2, and PEAP/MS-CHAP-V2) is applicable only for General and Wi-Fi settings.

If the authentication server is LDAP, TTLS-PAP is a good choice. It works with all LDAP servers. If the authentication server is Active Directory or local, TTLS-MSChapV2 or PEAP-MSChapV2 is a good choice.

1.1.1 TTLS-PAP authentication profile

To configure a TTLS-PAP profile, perform the following:

1. In the iPhone Configuration Utility (IPCU), navigate to the Configuration Profiles tab.
2. On the Configuration Profiles page, select General and enter the required values.

Figure 1 TTLS/PAP: General

3. Select Wi-Fi and enter the required values.

Figure 2 TTLS/PAP: Wi-Fi

1.1.2 TTLS/MS-CHAP-V2 authentication profile

To configure TTLS/MS-CHAP-V2, perform the following:

1. In the iPhone Configuration Utility (IPCU), navigate to the Configuration Profiles tab.
2. On the Configuration Profiles page, select General and enter the required values.

Figure 3 TTLS/MS-CHAP-V2: General

3. Select Wi-Fi and enter the required values.

Figure 4 TTLS/MS-CHAP-V2: Wi-Fi

1.1.3 PEAP authentication profile

To configure PEAP, perform the following:

1. In the iPhone Configuration Utility (IPCU), navigate to the Configuration Profiles tab.
2. On the Configuration Profiles page, select General and enter the required values.

Figure 5 PEAP/MS-CHAP-V2: General

3. Select Wi-Fi and enter the required values.

Figure 6 PEAP/MS-CHAP-V2: Wi-Fi

1.2 Configuring Authentication Protocol Set on PPS

On the Pulse Policy Secure (PPS), navigate to Authentication -> Signing In -> Authentication Protocols.

Edit the existing default protocol set, 802.1X, as in the example below, so that it supports the EAP-TTLS/PAP, EAP-TTLS/MS-CHAP-V2 and PEAP/EAP-MS-CHAP-V2 outer and inner authentication protocol combinations for 802.1x authentication.

Figure 7 Authentication Protocol Set

2 802.1x authentication in Mac OSX

When Pulse Policy Secure (PPS) is configured to communicate with a backend Active Directory authentication server for user authentication, the EAP-TTLS/PAP, EAP-TTLS/MS-CHAP-V2 and PEAP/EAP-MS-CHAP-V2 authentication protocol combinations are observed to work successfully for 802.1x authentication with the native supplicant on OSX endpoints.

The EAP-TTLS/CHAP combination works as expected with the system local authentication server, but does not work with an Active Directory authentication server. To perform CHAP, PPS must have the password in clear text, so it would need to retrieve the clear-text password from the backend AD server, which is not allowed.

3 Host checking on Mac OSX with native supplicant

On a Mac OSX endpoint, Policy Secure Host Checking can be enforced only for a Layer3 connection. Once the Mac OSX endpoint is authenticated using the native supplicant and gains network access, you can launch and install the Pulse Secure client (via browser deployment or SCCM advertisement) and establish a Layer3 session. This evaluates the health status of the OSX endpoint and thereby ensures legitimate resource access behind the PPS Enforcer.

There will be two different sessions on Pulse Policy Secure (PPS), one for the Layer2 connection and one for the Layer3 connection, and each session consumes a separate license. If a RADIUS-only license is installed, only the Layer3 session is accounted.

4 Glossary

Item          Description
PPS           Pulse Policy Secure
EAP           Extensible Authentication Protocol
PAP           Password Authentication Protocol
TTLS          Tunneled Transport Layer Security
PEAP          Protected Extensible Authentication Protocol
MS-CHAP-V2    Microsoft version of the Challenge-Handshake Authentication Protocol
IPCU          iPhone Configuration Utility
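
The following Python script is an added example, not part of the Pulse Secure guide. It reads an exported configuration profile and reports whether each outer/inner EAP combination matches what sections 1.1 and 2 state for a given authentication server. The payload keys follow Apple's configuration profile format; the sample profile, the SSID and the backend labels `ad`, `local` and `ldap` are constructed for illustration, and a PEAP payload is assumed to carry MS-CHAP-V2 as in the guide's PEAP profile.

```python
import plistlib

# Constructed sample profile (not from the guide): Wi-Fi payload with EAP-TTLS and inner CHAP.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.wifi.managed</string>
    <key>SSID_STR</key><string>example-dot1x</string>
    <key>EAPClientConfiguration</key><dict>
      <key>AcceptEAPTypes</key><array><integer>21</integer></array>
      <key>TTLSInnerAuthentication</key><string>CHAP</string>
    </dict>
  </dict></array>
</dict></plist>"""

EAP_NAMES = {21: "TTLS", 25: "PEAP"}  # EAP method type numbers
# Outer/inner combinations the guide reports per authentication server.
WORKS = {
    "ad": {("TTLS", "PAP"), ("TTLS", "MSCHAPv2"), ("PEAP", "MSCHAPv2")},
    "local": {("TTLS", "CHAP"), ("TTLS", "MSCHAPv2"), ("PEAP", "MSCHAPv2")},
    "ldap": {("TTLS", "PAP")},
}
FAILS = {"ad": {("TTLS", "CHAP")}}  # PPS cannot obtain a clear-text password from AD

def eap_combinations(profile_bytes):
    """Return (SSID, outer, inner) for every 802.1x Wi-Fi payload in the profile."""
    found = []
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        eap = payload.get("EAPClientConfiguration")
        if payload.get("PayloadType") != "com.apple.wifi.managed" or not eap:
            continue
        for eap_type in eap.get("AcceptEAPTypes", []):
            outer = EAP_NAMES.get(eap_type, f"EAP type {eap_type}")
            # Assumption: PEAP means PEAP/MS-CHAP-V2, as in the guide's PEAP profile.
            inner = ("MSCHAPv2" if outer == "PEAP"
                     else eap.get("TTLSInnerAuthentication", "unspecified"))
            found.append((payload.get("SSID_STR", ""), outer, inner))
    return found

def check(profile_bytes, backend):
    """Map each combination to 'works', 'fails' or 'not stated' for the backend."""
    results = {}
    for ssid, outer, inner in eap_combinations(profile_bytes):
        verdict = ("works" if (outer, inner) in WORKS.get(backend, ()) else
                   "fails" if (outer, inner) in FAILS.get(backend, ()) else "not stated")
        results[f"{ssid}: {outer}/{inner}"] = verdict
    return results

if __name__ == "__main__":
    print({b: check(SAMPLE_PROFILE, b) for b in ("ad", "local", "ldap")})
```

A verdict of "not stated" means the guide makes no claim about that combination for that server, not that it fails.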