
Endpoint Security Gartner Magic Quadrant 2013

Deploying the Junos Pulse Client poses one major problem if you don’t have some kind of endpoint server: there is no way to bundle configuration settings. For example, with an endpoint server it works like this:

msiexec -i JunosPulse.x86.msi CONFIGFILE="PathToConfig\myconfiguration.jnprpreconfig" ADDLOCAL=PulseSA /q

Of course, that doesn’t help us if we don’t have a centralized setup. The best I could figure out is wrapping up the 32-bit and 64-bit MSIs into one package, deploying them, and having the user enter the URL to the server; it’s not great…and I expect more from Juniper. See my working script at the bottom.

Things I did try (that did not work):

(1) Performing a snapshot of the install…capturing the settings
(2) Modifying the MSI
(3) Creating an MST
(4) Creating my own config file
(5) Using MSI options

Sample Config File

schema version {
    version: "1"
}
machine settings {
    version: "5"
    guid: "test12345678910-test1234-1234test-1234-12345678910"
    connection-source: "preconfig"
    server-id: "12345678910-1234-1234-1234f-12345678910"
    allow-save: "true"
    user-connection: "true"
    splashscreen-display: "false"
    dynamic-trust: "true"
    dynamic-connection: "true"
    wireless-suppression: "false"
}
ive "test12341324-1234-1234-1234-12345678910" {
    friendly-name: "SA auto connect"
    version: "3"
    guid: "test12345-1234-1234-1234-12345678910"
    server-id: "test12345678910-test1234-1234test-1234-12345678910"
    connection-source: "preconfig"
    uri: "vpn.ourcompany.com"
    connection-policy-override: "true"
    use-for-secure-meetings: "false"
    use-for-connect: "true"
    connection-identity: "user-at-credprov"
    connection-policy: "automatic"
    preferred-realm: "OurCompany"
    preferred-roleset: "OurCompany_Computer_Windows_autoconnect"
    sso-max-delay: "120"
    sso-user-based-virtual-lan: "false"
}

Other important information Sample Output

When you use ADDLOCAL, you should append msiexec options /qn or /qb to the command line to suppress the installation program user interface. These examples use /qb.

To install PulseUAC with 802.1x and Enhanced Endpoint Security support on a Windows 32-bit endpoint using a configuration file, use the following command line:
msiexec -i JunosPulse.x86.msi CONFIGFILE=c:\pulse\Pulse-Connection-no.jnprpreconfig ADDLOCAL=PulseUAC,Pulse8021x,UACEndpointDefense /qb

To install PulseSA on a 32-bit Windows endpoint using a configuration file, use the following command line:
msiexec -i JunosPulse.x86.msi CONFIGFILE=c:\temp\myconfiguration.jnprpreconfig ADDLOCAL=PulseSA /qb

To install PulseSA with Enhanced Endpoint Security and Host Checker on a 64-bit Windows endpoint using a configuration file, use the following command line:
msiexec -i JunosPulse.x64.msi CONFIGFILE=c:\temp\myconfiguration.jnprpreconfig ADDLOCAL=PulseSA,SAEndpointDefense,SAHostChecker /qb

To install PulseAppAccel on a 64-bit Windows endpoint using a configuration file, use the following command line:
msiexec -i JunosPulse.x64.msi CONFIGFILE=c:\temp\myconfiguration.jnprpreconfig ADDLOCAL=PulseAppAccel /qb

To install all Pulse components on a 64-bit Windows endpoint using a configuration file, use the following command line:
msiexec -i JunosPulse.x64.msi CONFIGFILE=c:\temp\myconfiguration.jnprpreconfig /qb

Summary

Two users are trying to connect to the SA device and launch Junos Pulse. The first user’s Junos Pulse session is disconnected when the second user connects to the same SA device as the first user and launches Junos Pulse.

Problem:

User A connects to the SA device via Junos Pulse.

User B connects to the same SA device via Junos Pulse and User A’s session is automatically ended.

Cause:

This issue is due to Disk Imaging/cloning.

The GUID on every client is the number that identifies the client to the server.

If the client and the connection GUIDs match, the old session is terminated, because the server assumes that an existing client is creating a new session to a connection to which it is already connected.

The Client ID is the unique ID of the client and the channel ID is the unique ID of the connection.

Multiple clients can have the same connection ID; but multiple clients cannot have the same client ID.

Both the devices must have a unique GUID.

Solution:

The device must be cloned before it makes the connection to the IVE, or the GUID must be deleted from the following section before cloning:

The Junos Pulse connection configuration, which is located at C:\Program Files (x86)\Common Files\Juniper Networks\ConnectionStore\connstore.dat, contains the following section:

machine "local" {
    guid: "9e4898e81ca026623e7fb4c9f4de1f678244fa62"
    pulse-language: "en-US"
}

Remove the GUID.
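
The GUID clean-up described above, as an added example (not part of the original post and not Juniper tooling): Python that reads connstore.dat text, removes only the guid entry of the machine "local" section while leaving connection GUIDs alone, and reports client GUIDs that show up on more than one host. The sample content, the host names and the choice to drop the whole guid line are assumptions.

```python
import re
from collections import defaultdict

Q = '["\u201c\u201d]'  # straight or typographic quotes (blogs often curl them)
# The machine "local" block: header, body, closing brace.
MACHINE_BLOCK = re.compile(r'(machine\s+' + Q + r'local' + Q + r'\s*\{)([^}]*)(\})')
# A guid entry, but not keys that merely end in "guid" (e.g. some-guid:).
GUID_ENTRY = re.compile(r'\s*(?<![\w-])guid:\s*' + Q + r'([^"\u201c\u201d]*)' + Q)

# Constructed sample in the layout the page shows; all values are made up.
SAMPLE = '''ive "conn-0001" {
    guid: "conn-0001"
    uri: "vpn.example.test"
}
machine "local" {
    guid: "aaaa1111"
    pulse-language: "en-US"
}
'''

def client_guid(text):
    """Return the client GUID from the machine "local" block, or None."""
    block = MACHINE_BLOCK.search(text)
    if not block:
        return None
    entry = GUID_ENTRY.search(block.group(2))
    return entry.group(1) if entry else None

def strip_client_guid(text):
    """Drop the machine-level guid entry; connection (ive) GUIDs may be shared and stay."""
    def _clean(m):
        return m.group(1) + GUID_ENTRY.sub('', m.group(2)) + m.group(3)
    return MACHINE_BLOCK.sub(_clean, text)

def cloned_clients(stores):
    """Map each client GUID seen on more than one host to the hosts that carry it."""
    seen = defaultdict(list)
    for host, text in stores.items():
        guid = client_guid(text)
        if guid:
            seen[guid].append(host)
    return {g: sorted(h) for g, h in seen.items() if len(h) > 1}

if __name__ == "__main__":
    print(strip_client_guid(SAMPLE))  # image-prep view: machine guid gone
    fleet = {"pc-a": SAMPLE, "pc-b": SAMPLE}  # constructed: two hosts from one image
    print(cloned_clients(fleet))
```

Run strip_client_guid on the master image before capture, and cloned_clients over files collected from endpoints to find machines that were imaged after their first connection.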

My script

@Echo on
title Administrative Installation by Eddie Jackson
color 0a
set CurDir=%CD%

REM Name written to the event log and registry. No spaces around "=", otherwise %UserN% is never defined.
set UserN=DeploymentServer

EVENTCREATE /T INFORMATION /L Application /ID 777 /d "Junos Pulse Client 5.0.48695.0 installation STARTED by %UserN%"

REM 64BIT: the x86 Program Files folder only exists on 64-bit Windows
if exist "C:\Program Files (x86)\" (
    c:\windows\system32\msiexec.exe /i "%CurDir%\JunosPulse.x64.msi" /qn /norestart
    EVENTCREATE /T INFORMATION /L Application /ID 777 /d "Junos Pulse Client 5.0.48695.0 64bit installation COMPLETED!"
    goto :END
)

REM 32BIT
c:\windows\system32\msiexec.exe /i "%CurDir%\JunosPulse.x86.msi" /qn /norestart
EVENTCREATE /T INFORMATION /L Application /ID 777 /d "Junos Pulse Client 5.0.48695.0 32bit installation COMPLETED!"
goto :END

:END
REM Record when and by whom the package was installed
%windir%\system32\REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\DEPLOYEDSOFTWARE\Junos\Pulse\5.0.48695.0" /v InstallDate /d "%date% %time%" /t REG_SZ /f
%windir%\system32\REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\DEPLOYEDSOFTWARE\Junos\Pulse\5.0.48695.0" /v InstalledBy /d "%UserN%" /t REG_SZ /f
exit /b 0

