
    Network Connect Execution

    The Network Connect agent executes as follows:

    1. If Graphical Identification and Authorization (GINA) is installed and registered on the remote client, the client automatically initiates a Network Connect tunnel to the SA Series Appliance when the user signs in to Windows. Otherwise, the user must sign in to an SA Series Appliance and, if you have not configured Network Connect to launch automatically, click the Network Connect link on the SA Series Appliance end-user home page.

      Note: SSO is supported only when Network Connect GINA is the only GINA installed on the client’s system.

    2. If the user does not have the latest version of the Network Connect installer, the SA Series Appliance attempts to download an ActiveX control (Windows) or a Java applet (Macintosh and Linux) to the client machine. That component then downloads the Network Connect software and performs installation functions. If the SA Series Appliance fails to download or upgrade the ActiveX control on a Windows client due to restricted access privileges or browser restrictions, the SA Series Appliance uses a Java applet to deliver the Network Connect software to the client.

      If Microsoft Vista is running on the user’s system, the user must click the setup link that appears during the installation process to continue installing the setup client and Network Connect. On all other Microsoft operating systems, the setup client and Network Connect install automatically.

      Whether the SA Series Appliance downloads an ActiveX control or a Java applet, the component attempts to identify the presence and version of existing Network Connect software on the client before determining which of the following installation functions to perform:

      • If the client machine has no Network Connect software, install the latest version.
      • If the client machine has an earlier version of Network Connect software, upgrade the shared Network Connect components to the newer version and install the most current UI version from the SA Series Appliance.

        Note: For information about valid Java applets, installation files and logs, and the operating system directories in which delivery mechanisms run, see the Client-side Changes Guide on the Juniper Networks Customer Support Center.

    3. Once installed, the Network Connect agent sends a request to the SA Series Appliance to initialize the connection with an IP address from the pre-provisioned IP pool (as defined by the Network Connect Connection Profiles resource policies applicable to the user’s role).
    4. The Network Connect system tray icon starts running in the taskbar on a Windows client or in the Dock on a Mac client.
    5. The SA Series Appliance allocates an IP address (from a Network Connect Connection Profiles resource policy) and assigns a unique IP to the Network Connect service running on the client.
    6. The client-side Network Connect service uses the assigned IP address to communicate with the Network Connect process running on the SA Series Appliance.
    7. After the SA Series Appliance allocates an IP address to the client, the SA Series Appliance opens a direct channel of communication between the client and all enterprise resources to which the user’s resource policy allows access. The internal application server sees the source IP as the client’s IP address.

    The client-side Network Connect agent communicates with the SA Series Appliance, which, in turn, forwards client requests to enterprise resources.
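
    Steps 5 through 7 mean that internal server logs record the pool-assigned IP rather than a user name, and a pool address can be handed to a different user in a later session. The following added example (not part of the original guide and not Juniper code) attributes internal server events to users by matching the source IP against the allocation active at that time. The record layouts, addresses, and names (Lease, attribute, attribute_events) are assumptions constructed for illustration, not the SA Series Appliance's log format.

```python
# Map a pool-assigned Network Connect IP seen by an internal server back to a user.
# All records are constructed sample data; the layout is an assumption.
from datetime import datetime
from typing import NamedTuple, Optional

class Lease(NamedTuple):
    user: str
    ip: str
    start: datetime
    end: Optional[datetime]  # None while the tunnel is still up

def ts(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

# Constructed allocation records: the same pool IP is reused by two users.
LEASES = [
    Lease("alice", "10.20.0.15", ts("2011-03-14 08:00:00"), ts("2011-03-14 09:30:00")),
    Lease("bob", "10.20.0.15", ts("2011-03-14 10:00:00"), ts("2011-03-14 12:00:00")),
    Lease("carol", "10.20.0.16", ts("2011-03-14 11:00:00"), None),
]

# Constructed internal application server events: (timestamp, source IP, action).
SERVER_EVENTS = [
    ("2011-03-14 08:45:10", "10.20.0.15", "GET /payroll"),
    ("2011-03-14 09:45:00", "10.20.0.15", "GET /payroll"),  # falls between leases
    ("2011-03-14 10:05:42", "10.20.0.15", "POST /admin"),
    ("2011-03-14 13:00:00", "10.20.0.16", "GET /wiki"),
]

def attribute(ip: str, when: datetime, leases=LEASES) -> Optional[str]:
    """Return the user holding `ip` at `when`, or None if no lease covers it."""
    holders = [l.user for l in leases
               if l.ip == ip and l.start <= when and (l.end is None or when <= l.end)]
    if len(holders) > 1:
        raise ValueError(f"overlapping leases for {ip} at {when}: {holders}")
    return holders[0] if holders else None

def attribute_events(events=SERVER_EVENTS):
    """Label each server event with a user; traffic with no lease is flagged."""
    return [(t, ip, action, attribute(ip, ts(t)) or "UNATTRIBUTED")
            for t, ip, action in events]

if __name__ == "__main__":
    for row in attribute_events():
        print(*row, sep="  ")
```

    An event from a pool address with no covering allocation record is worth investigating, since under the flow above every tunnel client should hold an assigned IP.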

    Note: If you use Host Checker to validate the presence of client-side security components based on policies you define on the SA Series Appliance, and the client cannot conform to the security policies at any point during a Network Connect session, Host Checker terminates the session.

    Published: 2011-03-14