
    Task Summary: Configuring Network Connect

    The following steps do not account for preliminary configuration steps such as specifying the SA Series Appliance’s network identity or adding user IDs.

    To configure the SA Series Appliance for Network Connect:

    1. Enable access to Network Connect at the role-level using settings in the Users > User Roles > Role > General > Overview page of the admin console.
    2. Create Network Connect resource policies using the settings in the Users > Resource Policies > Network Connect tabs:
      1. Specify general access settings and detailed access rules for Network Connect in the Network Connect Access Control tab of the admin console.
      2. Specify Network Connect Connection Profiles to assign to remote users in the Network Connect Connection Profiles tab of the admin console.
      3. (Optional) Specify split tunneling behavior for Network Connect in the Network Connect Split Tunneling tab of the admin console.
    3. Specify whether to enable GINA/Credential Provider installation, split tunneling, and auto-launch behavior for Network Connect in the Users > User Roles > Role > Network Connect page of the admin console.

      Note: If you choose to activate split tunneling behavior for Network Connect in this page, you must first create at least one Network Connect split-tunneling resource profile, as described above.

      You must enable Network Connect for a given role if you want a user mapped to that role to be able to use GINA/Credential Provider during Windows logon.

    4. Specify an IP address for the Network Connect server-side process to use for all Network Connect user sessions on the System > Network > Network Connect page in the admin console.
    5. Ensure that an appropriate version of Network Connect is available to remote clients.
    6. If you want to enable or disable client-side logging for Network Connect, configure the appropriate options in the System > Configuration > Security > Client-side Logs tab of the admin console.

    To install Network Connect, users must have appropriate privileges, as described in the Client-side Changes Guide on the Juniper Customer Support Center. If the user does not have these privileges, use the Juniper Installer Service available from the Maintenance > System > Installers page of the admin console to bypass this requirement.

    Network Connect requires signed ActiveX or signed Java applets to be enabled within the browser to download, install, and launch the client applications.

    By default, Vista Advanced firewall blocks all inbound traffic and allows all outbound traffic. For Network Connect to work in conjunction with Vista Advanced firewall, configure the following settings:

    • Change the Vista Advanced firewall default settings to block all inbound and outbound traffic
    • Create the following outbound rules in the appropriate firewall profile:
      • Create a port rule that allows TCP from any IP address to any IP address, from any port to port 443
      • Create a custom rule that allows TCP from 127.0.0.1 to 127.0.0.1, from any port to any port
    • Allow iExplorer.exe
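
    The firewall settings listed above, written as netsh advfirewall commands for an elevated command prompt. This is an added example, not part of the Juniper documentation; the chosen profile, the rule names, the backup file path, and the Internet Explorer path are assumptions.

```bat
@echo off
rem Added example (not from the original guide). Run from an elevated prompt.
rem Assumptions: the profile to change, the rule names, and the backup path.
setlocal
set NC_PROFILE=private
set NC_BACKUP=%TEMP%\advfirewall-before-nc.wfw

rem Save the current policy so it can be restored with:
rem   netsh advfirewall import "%NC_BACKUP%"
if exist "%NC_BACKUP%" del "%NC_BACKUP%"
netsh advfirewall export "%NC_BACKUP%" || goto :fail

rem Default policy for the profile: block all inbound and all outbound traffic.
netsh advfirewall set %NC_PROFILE%profile firewallpolicy blockinbound,blockoutbound || goto :fail

rem Outbound port rule: TCP, any IP to any IP, any local port to remote port 443.
netsh advfirewall firewall add rule name="NC - TCP 443 out" dir=out action=allow ^
    protocol=TCP localip=any remoteip=any localport=any remoteport=443 ^
    profile=%NC_PROFILE% || goto :fail

rem Outbound custom rule: TCP, 127.0.0.1 to 127.0.0.1, any port to any port.
netsh advfirewall firewall add rule name="NC - loopback TCP" dir=out action=allow ^
    protocol=TCP localip=127.0.0.1 remoteip=127.0.0.1 ^
    profile=%NC_PROFILE% || goto :fail

rem Outbound program rule for Internet Explorer.
rem Assumption: default install path; adjust if the browser is installed elsewhere.
netsh advfirewall firewall add rule name="NC - Internet Explorer" dir=out action=allow ^
    program="%ProgramFiles%\Internet Explorer\iexplore.exe" ^
    profile=%NC_PROFILE% || goto :fail

rem Verify: show the resulting default policy and each rule that was added.
netsh advfirewall show %NC_PROFILE%profile firewallpolicy
netsh advfirewall firewall show rule name="NC - TCP 443 out"
netsh advfirewall firewall show rule name="NC - loopback TCP"
netsh advfirewall firewall show rule name="NC - Internet Explorer"
echo Firewall configured for Network Connect. Backup saved to %NC_BACKUP%
exit /b 0

:fail
echo A netsh command failed. Restore with: netsh advfirewall import "%NC_BACKUP%"
exit /b 1
```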

    In prior releases you could specify whether the SA Series Appliance compiles Network Connect packet logs for specific Network Connect users. This option is no longer available as it impacts performance.

    Published: 2011-03-14