CHAPTER2
IntroductiontotheSASeriesAppliance
SASeriesSolutionOverviewonpage16
SecuringTrafficWithSASeriesAppliancesonpage18
AuthenticatingUsersWithExistingServersonpage19
Fine-TuningAccesstotheSASeriesSSLVPNApplianceandtheResourcesIt
Intermediatesonpage20
CreatingaSeamlessIntegrationBetweentheSASeriesSSLVPNApplianceandthe
ResourcesItIntermediatesonpage21
ProtectingAgainstInfectedComputersandOtherSecurityConcernsonpage21
EnsuringRedundancyintheSASeriesEnvironmentonpage22
MakingtheSASeriesInterfaceMatchMyCompany’sLook-and-Feelonpage23
EnablingUsersonaVarietyofComputersandDevicestoUsetheSASeriesSSLVPN
Applianceonpage23
ProvidingSecureAccessforMyInternationalUsersonpage24
ConfiguringtheSASeriesSSLVPNApplianceonpage24
NetworkandSecurityManagerandtheInfranetControlleronpage25
ConfiguringSecureAccessfortheInitialDMIConnectiononpage28
ManagingLargeBinaryDataFilesonpage30
UploadingandLinkingLargeBinaryDataFilesWithNSMonpage30
ImportingCustomSign-InPagesWithNSMonpage31
ImportingAntivirusLiveUpdateSettingsWithNSMonpage32
ImportingEndpointSecurityAssessmentPlug-in(ESAP)PackagesWith
NSMonpage33
UploadingaThird-PartyHostCheckerPolicyWithNSMonpage34
LinkingtoaThird-PartyHostCheckerPolicySharedObjectWithNSMonpage35
LinkingtoaSecureVirtualWorkspaceWallpaperImageSharedObjectWith
NSMonpage35
ImportingHostedJavaAppletsWithNSMonpage36
ImportingaCustomCitrixClient.cabFileWithNSMonpage37
JunosPulseOverviewonpage37
15
Copyright©2012,JuniperNetworks,Inc.
Pdf compress - Compress reduce PDF size in C#.net, ASP.NET, MVC, Ajax, WinForms, WPF
C# Code & .NET API to Compress & Decompress PDF Document
pdf text box font size; adjust size of pdf in preview
Pdf compress - VB.NET PDF File Compress Library: Compress reduce PDF size in vb.net, ASP.NET, MVC, Ajax, WinForms, WPF
VB.NET PDF Document Compression and Decompression Control SDK
compress pdf; can a pdf be compressed
JunosPulseConfigurationOverviewonpage40
ConfiguringaRoleforJunosPulseonpage41
ClientConnectionSetOptionsonpage43
CreatingaClientConnectionSetonpage46
ConfiguringConnectionRulesforLocationAwarenessonpage48
JunosPulseComponentSetOptionsonpage50
CreatingaClientComponentSetonpage51
JunosPulseClientInstallationOverviewonpage52
InstallingtheJunosPulseClientfromtheWebonpage53
InstallingtheJunosPulseClientUsingaPreconfigurationFileonpage54
SASeriesSolutionOverview
TheJuniperNetworksSASeriesSSLVPNAppliancesenableyoutogiveemployees,
partners,andcustomerssecureandcontrolledaccesstoyourcorporatedataand
applicationsincludingfileservers,Webservers,nativemessagingande-mailclients,
hostedservers,andmorefromoutsideyourtrustednetworkusingjustaWebbrowser.
TheSASeriesSSLVPNAppliancesproviderobustsecuritybyintermediatingthedata
thatflowsbetweenexternalusersandyourcompany’sinternalresources.Usersgain
authenticatedaccesstoauthorizedresourcesthroughanextranetsessionhostedbythe
appliance.Duringintermediation,theSASeriesSSLVPNAppliancereceivessecure
requestsfromtheexternal,authenticatedusersandthenmakesrequeststotheinternal
resourcesonbehalfofthoseusers.Byintermediatingcontentinthisway,theSASeries
SSLVPNApplianceeliminatestheneedtodeployextranettoolkitsinatraditionalDMZ
orprovisionaremoteaccessVPNforemployees.
ToaccesstheintuitiveSASerieshomepage,youremployees,partners,andcustomers
needonlyaWebbrowserthatsupportsSSLandanInternetconnection.Thispage
providesthewindowfromwhichyouruserscansecurelybrowseWeborfileservers,use
HTML-enabledenterpriseapplications,starttheclient/serverapplicationproxy,begina
Windows,Citrix,orTelnet/SSHterminalsession,accesscorporatee-mailservers,start
asecuredlayer3tunnel,orscheduleorattendasecureonlinemeeting.
NOTE: ThesecapabilitiesdependupontheJuniperNetworksSASeries
productandupgradeoptionsyouhavepurchased
Copyright©2012,JuniperNetworks,Inc.
16
JunosPulseSecureAccessServiceAdministrationGuide
C# TIFF: How to Use C#.NET Code to Compress TIFF Image File
Compress Tiff. C# TIFF - Compress TIFF Files in C#.NET. C# .NET APIs and Sample Codes for How to Compress TIFF Document. C#.NET: Compress TIFF Files Overview.
best way to compress pdf file; pdf page size
VB.NET PDF Library SDK to view, edit, convert, process PDF file
Generally speaking, you can use this .NET document imaging SDK to load, create, edit, convert, protect, compress, extract, and navigate PDF document (page).
change font size fillable pdf; change page size pdf acrobat
Figure1:TheSASeriesApplianceWorkingwithinaLAN
YoucanconfigureaJuniperNetworksSASeriesSSLVPNApplianceinthefollowing
ways:
Provideuserswithsecureaccesstoavarietyofresources.TheSASeriesdevice
intermediatesaccesstomultipletypesofapplicationsandresourcessuchas
Web-basedenterpriseapplications,Javaapplications,fileshares,terminalhosts,and
otherclient/serverapplicationssuchasMicrosoftOutlook,LotusNotes,theCitrixICA
Client,andpcAnywhere.Additionally,administratorscanprovisionanaccessmethod
thatallowsfullLayer3connectivity,providingthesamelevelofaccessthatauser
wouldgetiftheywereonthecorporateLAN.
Fine-tuneuseraccesstotheappliance,resourcetypes,orindividualresourcesbased
onfactorssuchasgroupmembership,sourceIPaddress,certificateattributes,and
endpointsecuritystatus.Forinstance,youcanusedual-factorauthenticationand
client-sidedigitalcertificatestoauthenticateuserstotheSASeriesSSLVPNAppliance
anduseLDAPgroupmembershiptoauthorizeuserstoaccessindividualapplications.
Assessthesecuritystatusofyourusers’computersbycheckingforendpointdefense
toolssuchascurrentantivirussoftware,firewalls,andsecuritypatches.Youcanthen
allowordenyusersaccesstotheappliance,resourcetypes,orindividualresources
basedonthecomputer’ssecuritystatus.
TheSASeriesSSLVPNApplianceactsasasecure,ApplicationLayergateway
intermediatingallrequestsbetweenthepublicInternetandinternalcorporateresources.
AllrequeststhatentertheSASeriesSSLVPNAppliancearealreadyencryptedbythe
enduser'sbrowser,usingSSL/HTTPS128-bitor168-bitencryption—unencryptedrequests
aredropped.BecausetheSASeriesSSLVPNApplianceprovidesarobustsecuritylayer
betweenthepublicInternetandinternalresources,administratorsdonotneedto
constantlymanagesecuritypoliciesandpatchsecurityvulnerabilitiesfornumerous
differentapplicationandWebserversdeployedinthepublic-facingDMZ.
Related
Documentation
SecuringTrafficWithSecureAccessServiceonpage18
AuthenticatingUsersWithExistingServersonpage19
17
Copyright©2012,JuniperNetworks,Inc.
Chapter2:IntroductiontotheSASeriesAppliance
C# WPF PDF Viewer SDK to view, annotate, convert and print PDF in
Split PDF Document. File: Compress PDF. Page: Create Thumbnails. Page: Insert PDF Pages. Page: Delete Existing PDF Pages. Page: Replace
optimize scanned pdf; change font size pdf form reader
VB.NET Create PDF from PowerPoint Library to convert pptx, ppt to
Split PDF Document. File: Compress PDF. Page: Create Thumbnails. Page: Insert PDF Pages. Page: Delete Existing PDF Pages. Page: Replace
optimize scanned pdf; advanced pdf compressor
Fine-TuningAccesstoSecureAccessServiceandtheResourcesItIntermediateson
page20
CreatingaSeamlessIntegrationBetweenSecureAccessServiceandtheResources
ItIntermediatesonpage21
ProtectingAgainstInfectedComputersandOtherSecurityConcernsonpage21
EnsuringRedundancyintheSecureAccessServiceEnvironmentonpage22
MakingtheSecureAccessServiceInterfaceMatchMyCompany’sLook-and-Feelon
page23
EnablingUsersonaVarietyofComputersandDevicestoUseSecureAccessService
onpage23
ProvidingSecureAccessforMyInternationalUsersonpage24
SecuringTrafficWithSASeriesAppliances
TheSASeriesapplianceenablesyoutosecureaccesstoawidevarietyofapplications,
servers,andotherresourcesthroughitsremoteaccessmechanisms.Onceyouhave
chosenwhichresourceyouwanttosecure,youcanthenchoosetheappropriateaccess
mechanism.
Forinstance,ifyouwanttosecureaccesstoMicrosoftOutlook,youcanusetheSecure
ApplicationManager(SAM).TheSecureApplicationManagerintermediatestrafficto
client/serverapplicationsincludingMicrosoftOutlook,LotusNotes,andCitrix.Or,ifyou
wanttosecureaccesstoyourcompanyIntranet,youcanusetheWebrewritingfeature.
ThisfeatureusestheSASeriesAppliance’sContentIntermediationEnginetointermediate
traffictoWeb-basedapplicationsandWebpages.
TheSASeriesSSLVPNApplianceincludesremoteaccessmechanismsthatintermediate
thefollowingtypesoftraffic:
Web-basedtraffic,includingWebpagesandWeb-basedapplications—UsetheWeb
rewritingfeaturetointermediatethistypeofcontent.TheWebrewritingfeatureincludes
templatesthatenableyoutoeasilyconfigureaccesstoapplicationssuchasCitrix,
OWA,LotusiNotes,andSharepoint.Inaddition,youcanusetheWebrewritingcustom
configurationoptiontointermediatetrafficfromawidevarietyofadditionalWeb-based
applicationsandWebpages,includingcustom-builtWebapplications.
Javaapplets,includingWebapplicationsthatuseJavaapplets—UsethehostedJava
appletsfeaturetointermediatethistypeofcontent.Thisfeatureenablesyoutohost
JavaappletsandtheHTMLpagesthattheyreferencedirectlyontheSASeries
ApplianceratherthanmaintainingaseparateJavaserver.
Filetraffic,includingfileserversanddirectories—Usethefilerewritingfeatureto
intermediateanddynamically“webify”accesstofileshares.Thefilerewritingfeature
enablesyoutosecuretraffictoavarietyofWindowsandUNIXbasedservers,directories,
andfileshares.
Copyright©2012,JuniperNetworks,Inc.
18
JunosPulseSecureAccessServiceAdministrationGuide
VB.NET Create PDF from Word Library to convert docx, doc to PDF in
Split PDF Document. File: Compress PDF. Page: Create Thumbnails. Page: Insert PDF Pages. Page: Delete Existing PDF Pages. Page: Replace
change font size pdf fillable form; pdf file compression
VB.NET PDF- HTML5 PDF Viewer for VB.NET Project
Split PDF Document. File: Compress PDF. Page: Create Thumbnails. Page: Insert PDF Pages. Page: Delete Existing PDF Pages. Page: Replace
change font size in pdf file; change paper size in pdf
Client/serverapplications—UsetheSecureApplicationManager(SAM)featureto
intermediatethistypeofcontent.SAMcomesintwovarieties(WindowsandJava
versions,orWSAMandJSAM).TheWSAMandJSAMfeaturesincludetemplatesthat
enableyoutoeasilyconfigureaccesstoapplicationssuchasLotusNotes,Microsoft
Outlook,NetBIOSfilebrowsing,andCitrix.Inaddition,youcanusetheWSAMand
JSAMcustomconfigurationoptionstointermediatetrafficfromawidevarietyof
additionalclient/serverapplicationsanddestinationnetworks.
TelnetandSSHterminalemulationsessions—UsetheTelnet/SSHfeatureto
intermediatethistypeofcontent.Thisfeatureenablesyoutoeasilyconfigureaccess
toavarietyofnetworkeddevicesthatutilizeterminalsessionsincludingUNIXservers,
networkingdevices,andotherlegacyapplications.
WindowsTerminalServersandCitrixserverterminalemulationsessions—Usethe
TerminalServicesfeaturetointermediatethistypeofcontent.Thisfeatureenables
youtoeasilyconfigureaccesstoWindowsTerminalServers,CitrixMetaFrameServers,
andCitrixPresentationServers(formerlyknownasNfuseservers).Youcanalsouse
thisfeaturetodelivertheterminalservicesclientsdirectlyfromtheSASeriesAppliance,
eliminatingtheneedtouseanotherWebservertohosttheclients.
E-mailclientsbasedontheIMAP4,POP3,andSMTPprotocols—Usetheemailclient
featuretointermediatethistypeofcontent.Thisfeatureenablesyoutoeasilyconfigure
accesstoanycorporatemailserverbasedontheIMAP4,POP3,andSMTPprotocols,
suchasMicrosoftExchangeServerandLotusNotesMailservers.
Allnetworktraffic—UsetheNetworkConnectfeaturetocreateasecure,Layer3tunnel
overtheSSLconnection,allowingaccesstoanytypeofapplicationavailableonthe
corporatenetwork.Thisfeatureenablesyoutoeasilyconnectremoteusersintoyour
networkbytunnelingnetworktrafficoverport443,enablingusersfullaccesstoallof
yournetworkresourceswithoutconfiguringaccesstoindividualservers,applications,
andresources.
Related
Documentation
SecureAccessServiceSolutionOverviewonpage16
AuthenticatingUsersWithExistingServers
YoucaneasilyconfiguretheSASeriesSSLVPNAppliancetouseyourcompany’sexisting
serverstoauthenticateyourendusers—Usersdonotneedtolearnanewusernameand
passwordtoaccesstheSASeriesdevice.TheSASeriesSSLVPNAppliancesupports
integrationwithLDAP,RADIUS,NIS,WindowsNTDomain,ActiveDirectory,eTrust
SiteMinder,SAML,andRSAACE/Servers.
Or,ifyoudonotwanttouseoneofthesestandardservers,youcanstoreusernamesand
credentialsdirectlyontheSASeriesSSLVPNApplianceandusetheSASeriesSSLVPN
Applianceitselfasanauthenticationserver.Inaddition,youcanchoosetoauthenticate
usersbasedonattributescontainedinauthenticationassertionsgeneratedbySAML
authoritiesorclient-sidecertificates.Or,ifyoudonotwanttorequireyouruserstosign
intotheSASeriesSSLVPNAppliance,youcanusetheSASeriesanonymous
authenticationserver,whichallowsuserstoaccesstheSASeriesSSLVPNAppliance
withoutprovidingausernameorpassword.
19
Copyright©2012,JuniperNetworks,Inc.
Chapter2:IntroductiontotheSASeriesAppliance
C# HTML5 PDF Viewer SDK to view PDF document online in C#.NET
Split PDF Document. File: Compress PDF. Page: Create Thumbnails. Page: Insert PDF Pages. Page: Delete Existing PDF Pages. Page: Replace
compress pdf; best compression pdf
C# PDF Image Extract Library: Select, copy, paste PDF images in C#
PDF ›› C# PDF: Extract PDF Image. How to C#: Extract Image from PDF Document. Support PDF Image Extraction from a Page, a Region on a Page, and PDF Document.
pdf font size change; pdf change page size
Related
Documentation
SecureAccessServiceSolutionOverviewonpage16
AboutAuthenticationandDirectoryServersonpage142
Fine-TuningAccesstotheSASeriesSSLVPNApplianceandtheResourcesIt
Intermediates
InadditiontousingauthenticationserverstocontrolaccesstotheSASeriesSSLVPN
Appliance,youcancontrolaccesstotheSASeriesSSLVPNApplianceandtheresources
itintermediatesusingavarietyofadditionalclient-sidechecks.TheSASeriesSSLVPN
ApplianceenablesyoutocreateamultilayeredapproachtoprotecttheSASeriesSSL
VPNApplianceandyourresources:
1.
First,youcanperformpreauthenticationchecksthatcontroluseraccesstotheSA
Seriessign-inpage.Forinstance,youmightconfiguretheSASeriesSSLVPNAppliance
tocheckwhetherornottheuser’scomputerisrunningaparticularversionofNorton
Antivirus.Ifitisnotrunning,youcandeterminethattheuser’scomputerisunsecure
anddisableaccesstotheSASeriessign-inpageuntiltheuserhasupdatedthe
computer’santivirussoftware.
2.
OnceauserhassuccessfullyaccessedtheSASeriessign-inpage,youcanperform
realm-levelcheckstodeterminewhetherhecanaccesstheSASeriesend-userhome
page.Themostcommonrealm-levelcheckisperformedbyanauthenticationserver.
(Theserverdetermineswhethertheuserentersavalidusernameandpassword.)
Youcanperformothertypesofrealm-levelchecks,however,suchascheckingthat
theuser’sIPaddressisinyournetworkorthattheuserisusingtheWebbrowsertype
thatyouspecify.
Ifauserpassestherealm-levelchecksthatyouspecify,theusercanaccesstheSA
Seriesend-userhomepage.Otherwise,theSASeriesSSLVPNAppliancedoesnot
enabletheusertosignin,ortheSASeriesSSLVPNAppliancedisplaysa“stripped
down”versionoftheSASerieshomepagethatyoucreate.Generally,thisstripped
downversioncontainssignificantlylessfunctionalitythanisavailabletoyourstandard
usersbecausetheuserhasnotpassedallofyourauthenticationcriteria.TheSASeries
SSLVPNApplianceprovidesextremelyflexiblepolicydefinitions,enablingyouto
dynamicallyalterend-userresourceaccessbasedoncorporatesecuritypolicies.
3.
AftertheSASeriesSSLVPNAppliancesuccessfullyassignsausertoarealm,the
appliancemapstheusertoarolebasedonyourselectioncriteria.Arolespecifies
whichaccessmechanismsaselectedgroupofuserscanaccess.Italsocontrols
sessionandUIoptionsforthatgroupofusers.Youcanuseawidevarietyofcriteria
tomapuserstoroles.Forinstance,youcanmapuserstodifferentrolesbasedon
endpointsecuritychecksoronattributesobtainedfromanLDAPserverorclient-side
certificate.
4.
Inmostcases,auser’sroleassignmentscontrolwhichindividualresourcestheuser
canaccess.Forinstance,youmightconfigureaccesstoyourcompany’sIntranetpage
usingaWebresourceprofileandthenspecifythatallmembersoftheEmployeesrole
canaccessthatresource.
Copyright©2012,JuniperNetworks,Inc.
20
JunosPulseSecureAccessServiceAdministrationGuide
However,youcanchoosetofurtherfine-tuneaccesstoindividualresources.Forinstance,
youmayenablemembersoftheEmployeesroletoaccessyourcompany’sIntranet(as
describedearlier),butaddaresourcepolicydetailedrulethatrequiresuserstomeet
additionalcriteriatoaccesstheresource.Forexample,youmayrequireuserstobe
membersoftheEmployeesroleandtosignintotheSASeriesSSLVPNApplianceduring
businesshourstoaccessyourcompanyIntranet.
Related
Documentation
SecureAccessServiceSolutionOverviewonpage16
AccessManagementOverviewonpage59
CreatingaSeamlessIntegrationBetweentheSASeriesSSLVPNApplianceandthe
ResourcesItIntermediates
InatypicalSASeriesconfiguration,youcouldaddbookmarksdirectlytotheSASeries
end-userhomepage.Thesebookmarksarelinkstotheresourcesthatyouconfigurethe
SASeriesSSLVPNAppliancetointermediate.Addingthesebookmarksenablesusers
tosignintoasingleplace(theSASeriesSSLVPNAppliance)andfindaconsolidated
listofalloftheresourcesavailabletothem.
Withinthistypicalconfiguration,youcanstreamlinetheintegrationbetweentheSA
SeriesSSLVPNApplianceandtheintermediatedresourcesbyenablingsinglesign-on
(SSO).SSOisaprocessthatallowspreauthenticatedSASeriesuserstoaccessother
applicationsorresourcesthatareprotectedbyanotheraccessmanagementsystem
withouthavingtore-entertheircredentials.DuringSASeriesconfiguration,youcan
enableSSObyspecifyingusercredentialsthatyouwanttheSASeriesSSLVPNAppliance
topasstotheintermediatedresources.
Or,ifyoudonotwanttocentralizeuserresourcesontheSASeriesend-userhomepage,
youcouldcreatelinkstotheSASeries-intermediatedresourcesfromanotherWebpage.
Forinstance,youcanconfigurebookmarksontheSASeriesSSLVPNAppliance,and
thenaddlinkstothosebookmarksfromyourcompany’sIntranet.Youruserscanthen
signintoyourcompanyIntranetandclickthelinkstheretoaccesstheintermediated
resourceswithoutgoingthroughtheSASerieshomepage.AswithstandardSASeries
bookmarks,youcanenableSSOfortheseexternallinks.
Related
Documentation
SecureAccessServiceSolutionOverviewonpage16
AboutSingleSign-Ononpage253
ProtectingAgainstInfectedComputersandOtherSecurityConcerns
TheSASeriesSSLVPNApplianceenablesyoutoprotectagainstviruses,attacks,and
othersecurityconcernsusingtheHostCheckerfeature.HostCheckerperformssecurity
checksontheclientsthatconnecttotheSASeriesSSLVPNAppliance.Forinstance,
youcanuseHostCheckertoverifythatend-usersystemscontainup-to-dateantivirus
software,firewalls,criticalsoftwarehotfixes,andotherapplicationsthatprotectyour
users’computers.YoucanthenenableordenyusersaccesstotheSASeriessign-in
pages,realms,roles,andresourcesbasedontheresultsthatHostCheckerreturns.Or,
21
Copyright©2012,JuniperNetworks,Inc.
Chapter2:IntroductiontotheSASeriesAppliance
youcandisplayremediationinstructionstouserssotheycanbringtheircomputersinto
compliance
YoucanalsouseHostCheckertocreateaprotectedworkspaceonclientsrunning
Windows2000orWindowsXP.ThroughHostChecker,youcanenabletheSecureVirtual
Workspace(SVW)featuretocreateaprotectedworkspaceontheclientdesktop,ensuring
thatanyendusersigningintoyourintranetmustperformallinteractionswithina
completelyprotectedenvironment.SecureVirtualWorkspaceencryptsinformationthat
applicationswritetodiskortheregistryandthendestroysallinformationpertainingto
itselfortheSASeriessessionwhenthesessioniscomplete.
YoucanalsosecureyournetworkfromhostileoutsideintrusionbyintegratingyourSA
SeriesSSLVPNAppliancewithaJuniperNetworksIntrusionDetectionandPrevention
(IDP)sensor.YoucanuseIDPdevicestodetectandblockmostnetworkwormsbased
onsoftwarevulnerabilities,non-file-basedTrojanhorses,theeffectsofSpyware,Adware,
andKeyLoggers,manytypesofmalware,andzerodayattacksthroughtheuseofanomaly
detection.
Related
Documentation
SecureAccessServiceSolutionOverviewonpage16
ConfiguringtheSecureAccessServicetoInteroperatewithIDPonpage933
EnsuringRedundancyintheSASeriesEnvironment
YoucanensureredundancyinyourSASeriesenvironmentusingtheSASeriesSSLVPN
Applianceclusteringfeature.Withthisfeature,youcandeploytwoormoreappliances
asacluster,ensuringnouserdowntimeintherareeventoffailureandstatefulpeering
thatsynchronizesusersettings,systemsettings,andusersessiondata.
Theseappliancessupportactive/passiveoractive/activeconfigurationsacrossaLAN
oraWAN.InActive/Passivemode,oneSASeriesSSLVPNApplianceactivelyserves
userrequestswhiletheotherSASeriesSSLVPNAppliancerunspassivelyinthe
backgroundtosynchronizestatedata.IftheactiveSASeriesSSLVPNAppliancegoes
offline,theSASeriesSSLVPNApplianceautomaticallystartsservicinguserrequests.
Inactive/activemode,allthemachinesintheclusteractivelyhandleuserrequestssent
byanexternalloadbalancer.TheloadbalancerhoststheclusterVIPandroutesuser
requeststoanSASeriesSSLVPNAppliancedefinedinitsclustergroupbasedon
source-IProuting.IfanSASeriesSSLVPNAppliancegoesoffline,theloadbalancer
adjuststheloadontheactiveSASeriesSSLVPNAppliance.
NOTE: WANclusteringisnotsupportedontheMAGSeriesJunosPulse
Gateways,exceptasitrelatestocampusnetworks.Inawell-connected
campusnetwork,wheretheconnectivityismoreLAN-likethanWAN-like,
theJunosPulseGatewayscanbeclusteredinseparatebuildings.
Related
Documentation
SecureAccessServiceSolutionOverviewonpage16
Copyright©2012,JuniperNetworks,Inc.
22
JunosPulseSecureAccessServiceAdministrationGuide
MakingtheSASeriesInterfaceMatchMyCompany’sLook-and-Feel
TheSASeriesSSLVPNApplianceenablesyoutocustomizeavarietyofelementsinthe
end-userinterface.Usingthesecustomizationfeatures,youcanupdatethelook-and-feel
oftheSASeriesend-userconsolesoitwillresembleoneofyourstandardcompanyWeb
pagesorapplications.
Forinstance,youcaneasilycustomizetheheaders,backgroundcolors,andlogosthat
theSASeriesSSLVPNAppliancedisplaysintheSASeriessign-inpageandend-user
consoletomatchyourcompany’sstyle.Youcanalsoeasilycustomizetheorderinwhich
theSASeriesSSLVPNAppliancedisplaysbookmarksandthehelpsystemthattheSA
SeriesSSLVPNAppliancedisplaystousers.
Or,ifyoudonotwanttodisplaytheSASeriesend-userhomepagetousers(eitherin
standardorcustomizedform),youcanchoosetoredirectuserstoadifferentpage(such
asyourcompanyIntranet)whenusersfirstsignintotheSASeriesSSLVPNAppliance
console.Ifyouchoosetousethisoption,youmaywanttoaddlinkstoyourSASeries
bookmarksonthenewpage.
IfyouwanttofurthercustomizetheSASeriessign-inpage,youcanusetheSASeries
SSLVPNAppliance’scustomsign-inpagesfeature.Unlikethestandardcustomization
optionsthatyoucanconfigurethroughtheSASeriesSSLVPNApplianceadminconsole,
thecustomsign-inpagesfeaturedoesnotlimitthenumberofcustomizationsyoucan
maketoyourpages.Usingthisfeature,youcanuseanHTMLeditortodevelopasign-in
pagethatexactlymatchesyourspecifications.
Related
Documentation
SecureAccessServiceSolutionOverviewonpage16
CreatingaSeamlessIntegrationBetweenSecureAccessServiceandtheResources
ItIntermediatesonpage21
CustomizableAdminandEnd-UserUIsonpage949
EnablingUsersonaVarietyofComputersandDevicestoUsetheSASeriesSSLVPN
Appliance
InadditiontoallowinguserstoaccesstheSASeriesSSLVPNAppliancefromstandard
workstationsandkiosksrunningWindows,Macintosh,andLinuxoperatingsystems,the
SASeriesSSLVPNAppliancealsoallowsenduserstoaccesstheSASeriesSSLVPN
AppliancefromconnectedPDAs,handheldsandsmartphonessuchasi-modeand
PocketPC.WhenauserconnectsfromaPDAorhandhelddevice,theSASeriesSSL
VPNAppliancedetermineswhichSASeriespagesandfunctionalitytodisplaybasedon
settingsthatyouconfigure.
FormoreinformationaboutspecifyingwhichpagestheSASeriesSSLVPNAppliance
displaystodifferentdevices,seetheSASeriessupportedplatformsdocumentavailable
ontheSSLVPNOSSoftwarepageoftheJuniperNetworksCustomerSupportCenter.
Related
Documentation
SecureAccessServiceSolutionOverviewonpage16
23
Copyright©2012,JuniperNetworks,Inc.
Chapter2:IntroductiontotheSASeriesAppliance
HandheldDevicesandPDAsonpage993
ProvidingSecureAccessforMyInternationalUsers
TheSASeriesSSLVPNAppliancesupportsEnglish(US),French,German,Spanish,
SimplifiedChinese,TraditionalChinese,Japanese,andKorean.Whenyouruserssigninto
theSASeriesSSLVPNAppliance,theSASeriesSSLVPNApplianceautomatically
detectsthecorrectlanguagetodisplaybasedontheuser’sWebbrowsersetting.Or,you
canuseend-userlocalizationandcustomsign-inpagesoptionstomanuallyspecifythe
languagethatyouwanttodisplaytoyourendusers.
Related
Documentation
SecureAccessServiceSolutionOverviewonpage16
AboutMulti-LanguageSupportfortheSecureAccessServiceonpage989
ConfiguringtheSASeriesSSLVPNAppliance
ToenableuserstostartusingyourSASeriesSSLVPNAppliance,youmustcomplete
thefollowingbasicsteps:
1.
Plugintheappliance,connectittoyournetwork,andconfigureitsinitialsystemand
networksettings.ThisquickandeasyprocessisdetailedintheSASeriesSSLVPN
ApplianceQuickStartGuide.
2.
AfteryouconnecttheSASeriesSSLVPNAppliancetoyournetwork,youneedtoset
thesystemdateandtime,upgradetothelatestservicepackage,andinstallyour
productlicenses.Whenyoufirstsignintotheadminconsole,theSASeriesSSLVPN
Appliancedisplaysaninitialconfigurationtaskguidethatquicklywalksyouthrough
thisprocess.
3.
Afteryouinstallyourproductlicenses,youneedtosetupyouraccessmanagement
frameworktoenableyouruserstoauthenticateandaccessresources.Configuration
stepsinclude:
a.
Defineanauthenticationserverthatverifiesthenamesandpasswordsofyour
users.
b.
Createuserrolesthatenableaccessmechanisms,sessionoptions,andUIoptions
forusergroups.
c.
Createauserauthenticationrealmthatspecifiestheconditionsthatusersmust
meettosignintotheSASeriesSSLVPNAppliance.
d.
Defineasign-inpolicythatspecifiestheURLthatusersmustaccesstosigninto
theSASeriesSSLVPNApplianceandthepagethattheyseewhentheysignin.
e.
Createresourceprofilesthatcontrolaccesstoresources,specifywhichuserroles
canaccessthem,andincludebookmarksthatlinktotheresources.
TheSASeriesSSLVPNApplianceincludesataskguideinitsadminconsolethat
quicklywalksyouthroughthisprocess.Toaccessthistaskguide,clicktheGuidance
Copyright©2012,JuniperNetworks,Inc.
24
JunosPulseSecureAccessServiceAdministrationGuide
Documents you may be interested
Documents you may be interested