therequirementsinalloftheselectedpolicies.Instead,theusercanaccessthe
roleifhemeetstherequirementsofanyoneoftheselectedHostCheckerpolicies.
4.
Ifyouwanttocreaterole-mappingrulesbasedonauser’sHostCheckerstatus:
a.
Navigateto:Users>UserRealms>SelectRealm >RoleMapping.
b.
ClickNewRule,selectCustomExpressionsfromtheRulebasedonlist,andclick
Update.Or,toupdateanexistingrule,selectitfromtheWhenusersmeetthese
conditionslist.
c.
ClickExpressions.
d.
WriteacustomexpressionfortherolemappingruletoevaluateHostChecker’s
statususingthehostCheckerPolicyvariable.Forhelpwritingthecustom
expressions,usetipsintheExpressionsDictionary.
e.
Inthe...thenassigntheserolessection,selecttherolesthatSecureAccessshould
mapuserstowhentheymeettherequirementsspecifiedinthecustomexpression
andclickAdd.
f.
SelecttheStopprocessingruleswhenthisrulematchesifyouwantSecureAccess
tostopevaluatingrolemappingrulesiftheusersuccessfullymeetsthe
requirementsdefinedinthisrule.
5.
IfyouwanttoimplementHostCheckerattheresourcepolicylevel:
a.
Navigateto:Users>ResourcePolicies>SelectResource>SelectPolicy>
DetailedRules.
b.
ClickNewRuleorselectanexistingrulefromtheDetailedRuleslist.
c.
WriteacustomexpressionforthedetailedruletoevaluateHostChecker’sstatus
usingthehostCheckerPolicyvariable.
Theseoptionsallowyoutocontrolwhichversionofanapplicationorservicerunson
clientmachines.
RemediatingHostCheckerPolicies
YoucanspecifygeneralremediationactionsthatyouwantHostCheckertotakeifan
endpointdoesnotmeettherequirementsofapolicy.Forexample,youcandisplaya
remediationpagetotheuserthatcontainsspecificinstructionsandlinkstoresources
tohelptheuserbringtheirendpointintocompliancewithHostCheckerpolicy
requirements.
Youcanalsochoosetoincludeamessagetousers(calledareasonstring)thatisreturned
byHostCheckeroranintegritymeasurementverifier(IMV)andexplainswhytheclient
machinedoesnotmeettheHostCheckerpolicyrequirements.
Forexample,theusermayseearemediationpagethatcontainsthefollowingcustom
instructions,alinktoresources,andreasonstrings:
335
Copyright©2012,JuniperNetworks,Inc.
Chapter13:HostChecker
Pdf compression settings - Compress reduce PDF size in C#.net, ASP.NET, MVC, Ajax, WinForms, WPF
C# Code & .NET API to Compress & Decompress PDF Document
pdf markup text size; change font size pdf
Pdf compression settings - VB.NET PDF File Compress Library: Compress reduce PDF size in vb.net, ASP.NET, MVC, Ajax, WinForms, WPF
VB.NET PDF Document Compression and Decompression Control SDK
change paper size pdf; adjust pdf size preview
Yourcomputer'ssecurityisunsatisfactory.
Yourcomputerdoesnotmeetthefollowingsecurityrequirements.Pleasefollowthe
instructionsbelowtofixtheseproblems.WhenyouaredoneclickTryAgain.Ifyouchoose
toContinuewithoutfixingtheseproblems,youmaynothaveaccesstoallofyourintranet
servers.
1.Symantec
Instructions:Youdonothavethelatestsignaturefiles.Clickheretodownloadthelatest
signaturefiles.Reasons:TheAntiVirusProductVersionistoolow.
TheageoftheVirusDefinitionsisnotacceptable.
ForeachHostCheckerpolicy,youcanconfiguretwotypesofremediationactions:
User-driven—Usingcustominstructions,youcaninformtheuseraboutthefailedpolicy
andhowtomakehiscomputerconform.Theusermusttakeactiontosuccessfully
re-evaluatethefailedpolicy.Forinstance,youcancreateacustompagethatislinked
toapolicyserverorWebpageandenablestheusertobringhiscomputerinto
compliance.
Automatic(system-driven)—YoucanconfigureHostCheckertoautomatically
remediatetheuser’scomputer.Forexample,whentheinitialpolicyfails,youcankill
processes,deletefiles,orallowautomaticremediationbyanIMV.OnWindows,you
canalsocalltheHCIF_Module.Remediate()APIfunctionaspartofathird-partyJ.E.D.I.
DLL.HostCheckerdoesnotinformuserswhenperformingautomaticactions.(You
could,however,includeinformationinyourcustominstructionsabouttheautomatic
actions.)
GeneralHostCheckerRemediationUserExperience
Usersmayseetheremediationpageinthefollowingsituations:
Beforetheusersignsin:
Ifyouenablecustominstructionsforapolicythatfails,SecureAccessdisplaysthe
remediationpagetotheuser.Theuserhastwochoices:
Taketheappropriateactionstomaketheendpointconformtothepolicyandthen
clicktheTryAgainbuttonontheremediationpage.HostCheckercheckstheuser’s
computeragainforcompliancewiththepolicy.
LeavetheendpointinitscurrentstateandclicktheContinuebuttontosigninto
SecureAccess.Theusercannotaccesstherealm,role,orresourcethatrequires
compliancewiththefailedpolicy.
IfyoudonotconfigureSecureAccesswithatleastonerealmthatallowsaccess
withoutenforcingaHostCheckerpolicy,theusermustbringtheendpointinto
compliancebeforesigningintoSecureAccess.
Ifyoudonotenablecustominstructionsforapolicythatfails,HostCheckerdoes
notdisplaytheremediationpagetotheuser.Instead,SecureAccessdisplaysthe
Copyright©2012,JuniperNetworks,Inc.
336
JunosPulseSecureAccessServiceAdministrationGuide
C# PDF Convert to Tiff SDK: Convert PDF to tiff images in C#.net
The magnification of the original PDF page size. compression, The target compression of the output tiff file to DOCX/TIFF with specified settings through options
advanced pdf compressor; adjust size of pdf in preview
C# Create PDF from Tiff Library to convert tif images to PDF in C#
compression, The target compression of the output tiff file, it is invalid for pdf Description: Convert to PDF/TIFF with specified settings through options
reduce pdf file size; pdf form change font size
sign-inpagebutdoesnotallowtheusertoaccessanyrealms,roles,orresources
thathaveafailedHostCheckerpolicy.
Aftertheusersignsin:
(Windowsonly)Duringasession,ifauser’sWindowscomputerbecomes
non-compliantwiththerequirementsofaHostCheckerpolicy,aniconappearsin
thesystemtrayalongwithapop-upmessagethatinformstheuserofthe
non-compliance.Theusercanthenclickthepop-upmessagetodisplaythe
remediationpage.
(MacintoshorLinux)Duringasession,ifauser’sMacintoshorLinuxcomputer
becomesnon-compliantwiththerequirementsofaHostCheckerpolicy,Secure
Accessdisplaystheremediationpagetoinformtheuserofthenon-compliance.
NOTE: Iftheuserhidestheremediationpagebysettingauserpreference,
hemayonlycontinueusingthesecuregatewayifyouconfigureother
realmsandrolesthatdonotenforceaHostCheckerpolicy.
Related
Documentation
ConfiguringGeneralHostCheckerRemediationonpage337
ConfiguringaPredefinedAntivirusRulewithRemediationOptionsonpage302
ConfiguringaPredefinedFirewallRulewithRemediationOptions(WindowsOnly)on
page304
SpecifyingCustomizedRequirementsUsingCustomRulesonpage312
ConfiguringGeneralHostCheckerRemediation
TospecifyremediationactionsforaHostCheckerpolicy:
1.
Intheadminconsole,selectAuthentication>EndpointSecurity>HostChecker.
2.
CreateorenableHostCheckerpolicies.
3.
SpecifytheremediationactionsthatyouwantHostCheckertoperformifauser’s
computerdoesnotmeettherequirementsofthecurrentpolicy:
337
Copyright©2012,JuniperNetworks,Inc.
Chapter13:HostChecker
C# Create PDF from PowerPoint Library to convert pptx, ppt to PDF
compression, The target compression of the output tiff file, it is invalid for pdf Description: Convert to PDF/TIFF with specified settings through options
change font size in pdf form field; adjust pdf page size
C# Create PDF from Excel Library to convert xlsx, xls to PDF in C#
compression, The target compression of the output tiff file, it is invalid for pdf Description: Convert to PDF/TIFF with specified settings through options
change font size on pdf text box; pdf text box font size
EnableCustomInstructions—Entertheinstructionsyouwanttodisplaytotheuser
ontheHostCheckerremediationpage.YoucanusethefollowingHTMLtagsto
formattextandaddlinkstoresourcessuchaspolicyserversorwebsites:<i>,<b>,
<br>,<font>,and<ahref>.Forexample:
Youdonothavethelatestsignaturefiles.
<ahref=”www.company.com”>Clickheretodownloadthelatestsignaturefiles.</a>
NOTE: ForWindowsclients,ifyouincludeintheinstructionsalinktoa
SecureAccess-protectedpolicyserver,defineapre-authentication
accesstunnel.
EnableCustomActions—Youcanselectoneormorealternatepoliciesthatyou
wantHostCheckertoevaluateiftheuser’scomputerdoesnotmeetthecurrent
policyrequirements.Thealternatepolicymustbeeitherathird-partypolicythat
usesaJ.E.D.I.packageoraSecureVirtualWorkspacepolicy.Forexample,youcan
useaJ.E.D.I.packagetolaunchanapplicationiftheuser’scomputerdoesnotmeet
thecurrentpolicyrequirements.SelectthealternatepolicyintheHCPolicieslist
andthenclickAdd.
Remediate—(ThirdpartyDLLsonly)Youcanselectthisoptiontoperform
remediationactionsspecifiedbymeansoftheRemediate()APIfunctionina
third-partyJ.E.D.I.DLL.
NOTE: TheRemediatefeatureisprimarilyprovidedforbackwards
compatibility.WerecommendthatyouuseIMCsandIMVsinstead.
KillProcesses—Oneachline,enterthenameofoneormoreprocessesyouwant
tokilliftheuser’scomputerdoesnotmeetthepolicyrequirements.Youcaninclude
anoptionalMD5checksumfortheprocess.(Youcannotusewildcardsintheprocess
name.)Forexample:
keylogger.exe
MD5:6A7DFAF12C3183B56C44E89B12DBEF56
DeleteFiles—Enterthenamesoffilesyouwanttodeleteiftheuser’scomputer
doesnotmeetthepolicyrequirements.(Youcannotusewildcardsinthefilename.)
Enteronefilenameperline.Forexample:
c:\temp\bad-file.txt
/temp/bad-file.txt
Sendreasonstrings—Selectthisoptiontodisplayamessagetousers(calleda
reasonstring)thatisreturnedbyHostCheckerorintegritymeasurementverifier
(IMV)andexplainswhytheclientmachinedoesnotmeettheHostCheckerpolicy
requirements.Thisoptionappliestopredefinedrules,customrules,andtothird-party
Copyright©2012,JuniperNetworks,Inc.
338
JunosPulseSecureAccessServiceAdministrationGuide
C# Create PDF from Word Library to convert docx, doc to PDF in C#.
compression, The target compression of the output tiff file, it is invalid for pdf Description: Convert to PDF/TIFF with specified settings through options
pdf compress; batch reduce pdf file size
C# PDF Convert to Word SDK: Convert PDF to Word library in C#.net
The magnification of the original PDF page size. compression, The target compression of the output tiff file to DOCX/TIFF with specified settings through options
pdf optimized format; best online pdf compressor
IMVsthatuseextensionsintheJuniperNetworksTNCSDK.Forexample,anantivirus
IMVmightdisplaythefollowingreasonstring:
TheAntiVirusProductVersionistoolow.TheageoftheVirusDefinitionsisnot
acceptable.
NOTE: Bysendingreasonstrings,youaredisclosingtouserswhatthe
IMVischeckingontheclientmachine.
4.
ClickSaveChanges.
Related
Documentation
RemediatingHostCheckerPoliciesonpage335
UpgradingtheEndpointSecurityAssessmentPlug-In
TheEndpointSecurityAssessmentPlug-in(ESAP)onSecureAccesschecksthird-party
applicationsonendpointsforcompliancewiththepre-definedrulesyouconfigureina
HostCheckerpolicy.Thisplug-inisincludedintheSecureAccesssystemsoftware
package.
JuniperNetworksfrequentlyaddsenhancements,bugfixes,andsupportfornew
third-partyapplicationstotheplug-in.Newplug-inreleasesareavailableindependently
andmorefrequentlythannewreleasesoftheSecureAccesssystemsoftwarepackage.
Ifnecessary,youcanupgradetheplug-inonSecureAccessindependentlyofupgrading
theSecureAccesssystemsoftwarepackage.
Youcanuploaduptofourversionsoftheplug-intoSecureAccess,butSecureAccess
usesonlyoneversionatatime(calledtheactiveversion).Ifnecessary,youcanrollback
toapreviouslyactiveversionoftheplug-in.
ToupgradetheEndpointSecurityAssessmentPlug-in:
1.
DownloadtheEndpointSecurityAssessmentPlug-infromtheJuniperNetworks
CustomerSupportCentertoyourcomputer:
a.
Openthefollowingpage:
http://www.juniper.net/support/products/esap/
b.
ClicktheSoftwaretab.
c.
NavigatetotheESAPreleaseyouwantandclickthelinktodownloadthepackage
filetoyourcomputer.
2.
SelectAuthentication>EndpointSecurity>HostChecker.
339
Copyright©2012,JuniperNetworks,Inc.
Chapter13:HostChecker
C# Create PDF from CSV to convert csv files to PDF in C#.net, ASP.
compression, The target compression of the output tiff file, it is invalid for pdf Description: Convert to PDF/TIFF with specified settings through options
best way to compress pdf files; best pdf compressor online
C# Create PDF from OpenOffice to convert odt, odp files to PDF in
compression, The target compression of the output tiff file, it is invalid for pdf Description: Convert to PDF/TIFF with specified settings through options
pdf change page size; 300 dpi pdf file size
3.
AtthebottomoftheHostCheckerpageunderManageEndpointSecurityAssessment
Plug-InVersions:
a.
Ifyouhavepreviouslyuploadedfourversionsofthecomponentsoftware,youmust
deleteoneoftheversionsbeforeyoucanuploadanotherone.Selecttheversion
youwanttodeleteandclickDelete.
b.
IfyouwantSecureAccesstoactivelybeginusingthenewcomponentsoftware
immediatelyafteryouuploadit,selecttheSetasactiveafteruploadoption.
c.
ClickBrowse,selecttheplug-infileyouwanttouploadtoSecureAccess,andclick
OK.
d.
ClickUpload.WhileSecureAccessuploadsanddecryptstheplugin.zipfile,the
message“Loading...”appearsintheplug-inlistunderManageEndpointSecurity
AssessmentPlug-InVersions.IfSecureAccessisamemberofacluster,Secure
Accessdisplaysthemessage“Loading...”whiletheplug-inistransferredtothe
otherclusternodes.Aftertheplug-inisinstalled,thedateandtimeoftheplug-in
installationappearsintheplug-inlist.
e.
IfyoudidnotselecttheSetasactiveafteruploadoption,activatetheplug-inyou
wanttousebyselectingtheversionintheplug-inlistandclickingActivate.
Copyright©2012,JuniperNetworks,Inc.
340
JunosPulseSecureAccessServiceAdministrationGuide
C# Create PDF from RTF to convert csv files to PDF in C#.net, ASP.
compression, The target compression of the output tiff file, it is invalid for pdf Description: Convert to PDF/TIFF with specified settings through options
change page size pdf acrobat; pdf reduce file size
NOTE:
Ifyouattempttoactivateaversionoftheplug-inthatdoesnotsupportall
ofthepre-definedrulesalreadyconfiguredinallHostCheckerpolicies,
SecureAccessdoesnotallowactivationofthatplug-inversion.For
example,ifaHostCheckerpolicyisconfiguredtouseapre-definedruleto
checkforaversionofantivirussoftware,andyouattempttoactivatea
plug-inversionthatdoesnotsupportthatparticularversionoftheantivirus
software,SecureAccessdoesnotallowyoutoactivatethatplug-inversion.
Toviewthelistofsupportedproductsforaparticularplug-inversion,click
theplug-in’sversionnumberunderManageEndpointSecurityAssessment
Plug-InVersions.
Youcanrollbacktoanolderplug-inversionafterupgradingtoalaterversion
byselectingtheolderversionastheactiveversion.But,ifyoumodifiedany
HostCheckerpoliciesafterupgradingtothelaterversion,therollbackmay
notsucceed.Rollbackisguaranteedtosucceedonlyifthepoliciesdidnot
change.
IfyouupgradetheSecureAccesssystemsoftwaretoanewerversion,or
youimportauserconfigurationfile,thecurrentlyactiveplug-inversion
doesnotchange.Ifyouwanttouseadifferentplug-inversionafter
upgradingorimportingauserconfigurationfile,youmustmanuallyactivate
thatplug-inversion.
IfSecureAccessalreadyhasfourversionsoftheplug-ininstalledwhen
youupgradetheSecureAccesssystemsoftwaretoanewerversion,Secure
Accessautomaticallydeletestheoldestplug-inversionandinstalls,but
doesnotactivate,theplug-inincludedwiththenewSecureAccesssystem
software.
Related
Documentation
ImplementingHostCheckerPoliciesonpage331
DefiningHostCheckerPre-AuthenticationAccessTunnels
IfyourpoliciesrequireHostCheckerrulesorthird-partyJ.E.D.I.DLLstoaccessapolicy
server(orotherresource)tocheckcompliancebeforeusersareauthenticated,youcan
useoneofthefollowingmethodstomaketheresourceavailabletotheHostChecker
Windowsclients:
DeploythepolicyserverinaDMZwhereHostCheckerrulesorthird-partyJ.E.D.I.
DLLscanaccesstheserverdirectlyinsteadofgoingthroughSecureAccess—This
deploymentisthesimplestsolutionbecauseyoudonothavetodefineaHostChecker
pre-authenticationaccesstunnelthroughSecureAccessbetweenclientsandthe
policyserver.
DeploythepolicyserverinaprotectedzonebehindSecureAccess(Windows
only)—Thisdeploymentrequiresyoutodefineapre-authenticationaccesstunnel.A
pre-authenticationaccesstunnelenablesHostCheckerrulesorthird-partyJ.E.D.I.DLLs
341
Copyright©2012,JuniperNetworks,Inc.
Chapter13:HostChecker
toaccesstheSecureAccess-protectedpolicyserverorresourcebeforeSecureAccess
authenticatesusers.Todefineapre-authenticationaccesstunnel,youassociatea
loopbackaddress(orhostname)andportontheclientwithanIPaddressandport
onthepolicyserver.YouaddoneormoretunneldefinitionstoaMANIFEST.HCIFfile,
whichyouthenuploadtoSecureAccess.YoucanuploadmultipleMANIFEST.HCIF
filestoSecureAccess.Forallthird-partypoliciesenabledonarealm,HostChecker
createstunnelsforallofthetunneldefinitionsinalloftheMANIFEST.HCIFfiles,
assumingthedefinitionsareunique.
WhilerunningonaWindowsclient,HostCheckerlistensforaconnectiononeachloopback
addressandportyouspecifyinthetunneldefinitions.Theconnectionscanoriginatefrom
theintegratedHostCheckerrulesandfromclient-sideorserver-sideJ.E.D.I.DLLs.Host
Checkerusesthepre-authenticationaccesstunnel(s)toforwardtheconnectionsthrough
SecureAccesstothepolicyserver(s)orotherresource.
Figure16:HostCheckerCreatesaTunnelfromaClienttoaPolicyServer
BehindtheSASeriesAppliance
NOTE: HostCheckerpre-authenticationaccesstunnelsaresupportedon
Windowsonly.
Related
Documentation
SpecifyingHostCheckerPre-AuthenticationAccessTunnelDefinitionsonpage342
SpecifyingHostCheckerPre-AuthenticationAccessTunnelDefinitions
ForWindowsclients,youcandefineapre-authenticationaccesstunnelthatenables
HostCheckermethodsorthird-partyJ.E.D.I.DLLstoaccessaSecureAccess-protected
policyserver(orotherresource)beforeusersareauthenticated.
AdefinitionforaHostCheckerpre-authenticationaccesstunnelconfiguresaccessto
onepolicyserverorotherresource.EachtunneldefinitionconsistsofapairofIPaddresses
andports:oneloopbackIPaddressandportontheclient,andoneIPaddressandport
onthepolicyserver.
Youspecifyoneormoretunneldefinition(s)inaHostCheckerpolicypackagedefinition
file.Thepackagedefinitionfile,whichmustbenamedMANIFEST.HCIF,definesthename
ofaninterfaceDLL,theHostCheckerpoliciesdefinedintheDLL,andthe
Copyright©2012,JuniperNetworks,Inc.
342
JunosPulseSecureAccessServiceAdministrationGuide
pre-authenticationaccesstunneldefinitions.Notethatifyoudonotincludepoliciesin
yourpackage,HostCheckersimplyenforcesthatthepackagehasrunontheclient.If
youdodeclarepoliciesthroughthisfile,theybecomeavailablethroughtheadminconsole
whereyoucanimplementthemattherealm,role,andresourcepolicylevels.
WithintheMANIFEST.HCIFfile,youmustincludeonedefinitionperline,withablankline
betweeneachdefinition,usingthefollowingformat:
HCIF-Main:<DLLName>
HCIF-Policy:<PolicyName>
HCIF-IVE-Tunnel:<client-loopback>:port<policy-server>:port
where:
<DLLName>isthenameoftheinterfaceDLL,suchasmyPestPatrol.dll.Evenifyouare
notusinganinterfaceDLL,youmustincludeadummyDLLasaplaceholderfilethathas
thisexactname.
<PolicyName>isthenameofapolicydefinedintheDLL,suchasmyFileCheck.Youcan
definemultiplepoliciesbyusingtheHCIF-Policystatementforeachpolicy.Ifyouarenot
usinganinterfaceDLL,youcanuseanypolicynameasaplaceholder.
ThesyntaxofaHostCheckertunneldefinitionis:
HCIF-IVE-Tunnel:<client-loopback>:port<policy-server>:port
where:
<client-loopback>isaloopbackaddressthatbeginswith127.andtakesanyofthe
followingforms:
AnIPaddressandportthattakestheformof127.*.*.*:port.Toavoidconflictswith
JSAM,donotuse127.0.0.1withport80,butyoucanuse127.0.0.1withotherports.For
example:127.0.0.1:3220
Ahostnamethatresolvestoaloopbackaddressthatbeginswith127.Youcanusea
localhostsfileoneachclientcomputeroraDNSservertoresolvetheloopbackaddress.
Ahostnamethatdoesnotresolvetoaloopbackaddress,orresolvestoanon-loopback
address.Inthesecases,HostCheckerallocatesaloopbackaddressandupdatesthe
localhostsfileontheclientwiththemapping.Notethattheusermusthave
administratorprivilegesinorderforHostCheckertomodifythelocalhostsfile.Ifthe
userdoesnothaveadministratorprivileges,HostCheckercannotupdatethehostsfile
andcannotopenthepre-authenticationaccesstunnel.Inthatcase,HostCheckerlogs
anerror.
<policy-server>istheIPaddressorhostnameoftheback-endpolicyserver.Secure
Accessresolvesthehostnameyouspecify.
Forexample,inthefollowingtunneldefinition,127.0.0.1:3220istheclientloopback
addressandport,andmysygate.company.com:5500isthepolicyserverhostnameand
port:
HCIF-IVE-Tunnel:127.0.0.1:3220mysygate.company.com:5500
343
Copyright©2012,JuniperNetworks,Inc.
Chapter13:HostChecker
Oryoucanuseahostnamefortheclient,asinthisexample:
HCIF-IVE-Tunnel:mysygate.company.com:3220mysygate.company.com:5500
Keepthefollowinginmindwhenspecifyingtunneldefinitions:
YoumustaddablanklinebetweeneachlineintheMANIFEST.HCIFfile,andyoucan
useasemi-colonatthebeginningofalinetoindicateacomment.Forexample:
HCIF-Main:myPestPatrol.dll
HCIF-Policy:myFileCheck
HCIF-Policy:myPortCheck
;Tunneldefinitions
HCIF-IVE-Tunnel:127.0.0.1:3220mysygate.company.com:5500
HCIF-IVE-Tunnel:127.1.1.1:3220mysygate2.company.com:5500
HCIF-IVE-Tunnel:mysygate.company.com:3220mysygate3.company.com:5500
HostCheckerpre-authenticationaccesstunnelsaresupportedonWindowsonly.
If<client-loopback>isanon-loopbackaddress,thenHostCheckercannotopenthe
pre-authenticationaccesstunnelandlogsanerrorinstead.
Ifyouusealoopbackaddressotherthan127.0.0.1(suchas127.0.0.2andabove),clients
whoareusingWindowsXPServicePack2mustinstalltheXPSP2HotFix.See:
http://support.microsoft.com/default.aspx?scid=kb;en-us;884020
NOTE: Ifyouaredeployingaclient-sideorserver-sidethird-partyDLL,keep
thefollowinginmind:
Unziptheserver-sidethird-partyDLLpackageandaddthetunnel
definitionstotheMANIFEST.HCIFfilethatcontainthepoliciesforthe
third-partyDLL.(TheDLLmustusethesame<client-loopback>address
andportorhostnamethatyouspecifyintheMANIFEST.HCIFfile.)
Sinceapre-authenticationaccesstunnelisopenonlywhileHostChecker
isrunning,athird-partyDLLcanaccessitsSecureAccessprotected
policyserveronlywhileHostCheckerisrunning.
Ifathird-partyDLLusesHTTPStoconnecttoitspolicyserverviaahost
namethatresolvesproperlytotheloopbackaddress,noservercertificate
warningsappear.However,ifthethird-partyDLLconnectsexplicitlyvia
aloopbackaddress,thenservercertificatewarningsdoappearbecause
thehostnameinthecertificatedoesnotmatchtheloopbackaddress.
(Thedeveloperofthethird-partyDLLcanconfiguretheDLLtoignore
thesewarnings.)
Related
Documentation
DefiningHostCheckerPre-AuthenticationAccessTunnelsonpage341
Copyright©2012,JuniperNetworks,Inc.
344
JunosPulseSecureAccessServiceAdministrationGuide
Documents you may be interested
Documents you may be interested