Thursday, June 18, 2015

Pulse Secure (formerly Juniper Pulse) - UAC Configuration Summary

Juniper Networks® Network Control and Access Solution - Unified Access Control (UAC), together with the Junos Pulse product line as a whole package, has been sold to Siris Capital and renamed Pulse Secure to operate independently. According to a post by eWeek's Jeffrey Burt, the deal was announced at about $250 million.

This will affect the following two products in our environment:
a. IC4500
b. MAG6611

As a UAC/MAG solutions customer of many years, we have to be aware of some significant support changes described on their transition website:

Pulse Secure is currently operating under a Transition Services Agreement (TSA) with Juniper Networks that will end on July 31, 2015. All support requests should go through Pulse Secure as of August 1, 2015. If you contact Juniper Networks after that date, you will be redirected to Pulse Secure support.
This includes support for already deployed products, products purchased during the transition period, and products purchased from Pulse Secure after the TSA ends. If a customer has purchased any support contract prior to July 31 through Juniper Networks and its partner network—or through Pulse Secure and its partner network—Pulse Secure will honor these terms throughout the life of the contract.

To keep a record of some of my daily work, this post summarizes a few basic configuration steps relating to UAC4500. More posts posted before in this blog:


1. Upgrade

Find the latest recommended version on the Juniper website. Right now it is 5.2R1.0.



There are two options: upgrade from a local file or from a staged package. Either one should work as long as the package has been downloaded correctly.

2. Create a new role Test1 for new testing users

Most of the configuration is done through a wizard, and you should be able to use the default settings.
The Pulse Secure logo now appears in the system if you go into the UI options. On version 5.0 it was the Juniper Networks logo.


3. Create a new realm Test1

After creating roles, you need to create realms to hold those roles/resources. Roles are usually associated with resources. The resources are configured in step 4.
3.1 Authentication
Choose the proper authentication method from Administrators, Cert_Auth, Guest Authentication and System_Local. This decides how the users in your realm are authenticated. The popular options are local, LDAP, RADIUS, AD and certificate.



3.2 Role Mapping
The screenshot shows that we are using certificates for authentication, and UAC will verify whether the certificate has the altName.UPNuid attribute. If UAC finds that this attribute matches, it assigns the role Test1 created in step 2.

4. Create Resources for Test1 Role

This page associates your network resources with the role defined at step 1. In this example, one RDP resource and one ICMP resource have been configured for role Test1. One resource can belong to multiple roles.

5. Choose proper Authentication Realm on Signing In page

The Signing In page is for the user. You can have multiple Signing In pages for different user groups based on your company's needs.

On this rdp page, two realms are assigned: rdp and Test1. It allows the role-mapped users in realm Test1 to log in on this page and use the resources defined in step 4.

After the above 5 steps, the users created in realm 'Test1' will be able to log in to the Signing In page 'rdp'. After logging in, they will be assigned to role 'Test1' and have RDP and ICMP access to the server 10.9.2.9.
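
The chain configured in steps 2 to 5 (sign-in page, realm, role mapping, resource policy) can be traced with a small model to see which missing piece denies access. This is an added example, not code from the original post or from Pulse Secure: it is a simplified model, not the appliance's enforcement logic, and it assumes that the role mapping rule only tests that the attribute is present, that RDP uses its default TCP port 3389, and a constructed user value `jdoe`.

```python
# Simplified model of the chain built in steps 2-5 (not Pulse Secure's own logic).
import ipaddress

# Values taken from the post's example; the structure itself is hypothetical.
SIGN_IN_PAGES = {"rdp": ["rdp", "Test1"]}   # step 5: realms offered on each sign-in page
REALMS = {                                   # step 3: auth method and role mapping rules
    "Test1": {"auth": "Cert_Auth",
              "role_rules": [("altName.UPNuid", "Test1")]},  # attribute present -> role
}
RESOURCES = [                                # step 4: resource -> roles allowed to use it
    {"net": "10.9.2.9/32", "proto": "tcp", "port": 3389, "roles": {"Test1"}},  # RDP
    {"net": "10.9.2.9/32", "proto": "icmp", "port": None, "roles": {"Test1"}},
]

def map_roles(realm, cert_attrs):
    """Step 3.2: roles granted by the realm's role mapping rules."""
    rules = REALMS[realm]["role_rules"]
    return {role for attr, role in rules if cert_attrs.get(attr)}

def evaluate(page, realm, cert_attrs, dst, proto, port=None):
    """Return (allowed, reason) for one access attempt made through a sign-in page."""
    if realm not in SIGN_IN_PAGES.get(page, []):
        return False, "realm not assigned to sign-in page"
    if realm not in REALMS:
        return False, "realm not defined"
    roles = map_roles(realm, cert_attrs)
    if not roles:
        return False, "no role mapped"
    for res in RESOURCES:
        granted = roles & res["roles"]
        if (ipaddress.ip_address(dst) in ipaddress.ip_network(res["net"])
                and res["proto"] == proto and res["port"] == port and granted):
            return True, "allowed as " + ",".join(sorted(granted))
    return False, "no resource policy for role"

if __name__ == "__main__":
    user = {"altName.UPNuid": "jdoe"}        # constructed certificate attributes
    attempts = [("rdp", "Test1", user, "10.9.2.9", "tcp", 3389),
                ("rdp", "Test1", user, "10.9.2.9", "tcp", 22),
                ("rdp", "Test1", {}, "10.9.2.9", "icmp", None)]
    for attempt in attempts:
        print(attempt[3:], evaluate(*attempt))
```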

References:

a. Juniper UAC Appliance IC4500 Step by Step Configuration (Part 1)
b. Juniper UAC Appliance IC4500 Step by Step Configuration (Part 2)
