The Juniper SSL VPN is a full-featured appliance that uses the SSL protocol to allow remote computers to securely access our organization’s resources with a standard browser. The types of resources that Juniper can make available are listed below:
Resources | Supported | Description
Web Browsing | ✓ | Allows access to internal web pages and web-based applications used by government
File Browsing | | Allows access to Windows and Unix files
Terminal Services | ✓ | Supports Remote Desktop Connection (RDC/RDP), Citrix and Terminal Services sessions
Telnet | | Supports secure terminal access to Telnet sessions
SSH | ✓ | Supports secure terminal access to SSH sessions
Network Connect (NC) | ✓ | Provides full network connectivity to a broad range of internal resources and applications using a Layer 3 (IPSec-like) network connection
Junos Pulse (JP) | ✓ | New replacement software for Network Connect to support additional mobile devices
Secure Meeting | | Supports cross-platform secure on-line meetings
Virtual Desktop | | Supports VMware Virtual Desktops
Secure Application Manager (W-SAM and J-SAM) | | Supports client/server applications such as Citrix, Microsoft Terminal Services, Microsoft Exchange MAPI, and Lotus Notes
Features currently implemented by the Network Operations group
Only resources marked with ✓ are supported by our Juniper implementation. Our primary goals in using Juniper are to reduce the number of Layer 3 network connections (NC or JP), to give general users the ability to connect remotely to their work PC(s) using Remote Desktop Connection (RDC/RDP), and to let them access the internal government web pages and web-based applications from home or remote locations. As such, only the “Web Browsing” and “Terminal Services” resources will be available to the majority of users.
Juniper Supported Platforms
The current version of Juniper (IVE 8.0R1) supports a wide variety of operating systems and browsers. The supported operating system and browser combinations are listed below:
Platform: Windows (this platform is supported by Network Operations-Remote group)
Operating System:
• Vista Enterprise/Ultimate/Business/Home Basic/Home Premium with Service Pack 2 on 32 bit or 64 bit platforms
• Windows 7 Enterprise/Ultimate/Professional/Home Basic/Home Premium on 32 bit or 64 bit
• All Windows 8 and Windows 8.1 versions
• All XP Home and Professional versions
• Windows 2003 R1
• Windows 2008 R2
Browsers and Java Environment:
• Internet Explorer 6.0 to 9.0
• Internet Explorer 10 and 11 (On Windows 8.0 and 8.1 platforms, the endpoint must use desktop mode and enable plug-ins in the Internet Explorer configuration)
• Firefox 3.0 to Firefox 10
• Sun JRE 6 and JRE7

Platform: Mac
Operating System:
• Mac OS X 10.5, 10.6, 10.7 and 10.8, 32 bit and 64 bit
• Mac OS X 10.9 (with Junos Pulse client)
Browsers and Java Environment:
• Safari 4.0 to 6.0
• Sun JRE 6 and JRE7

Platform: Linux
Operating System:
• OpenSuse 10.x, 11.x and 12.1, 32 bit only
• Ubuntu 9.10, 10.x, 11.x and 12.04 LTS, 32 bit only
• Red Hat Enterprise Linux 5, 32 bit only
• Fedora 12
Browsers and Java Environment:
• Firefox 3.0 to Firefox 10
• Sun JRE 6 and JRE7
• IcedTea-Web 1.2 with OpenJDK 6 & 7

Platform: Solaris
Operating System:
• Solaris 10, 32 bit only
Browsers and Java Environment:
• Firefox 10
• Mozilla 2.0 and above

Platform: Mobile devices
• iPhone/iPad OS (iOS) 3.0 up to 7.0 with default Safari and iPad
• Android 2.0 up to 4.3
• Symbian OS 8.1, S60 5th edition and Symbian Anna OS
• Windows Mobile 5.0 Standard and above, Classic and Professional: Pocket IE 4.0
• Windows Mobile 6.5 Standard, Classic and Professional: Internet Explorer Mobile 6.0
• NTT I-mode phone
• AU/KDDI phone: Openwave Mobile Browser
• Vodafone phone: Openwave Mobile Browser
Host Connection Requirements (for Windows PC only)
• Your host Windows PC must meet the Windows platform requirements.
• You must have administrative rights on your host Windows PC (to install Juniper’s clients).
• You must have an anti-virus program installed that is supported by Juniper (see the current list published by Juniper at http://www.juniper.net/techpubs/software/ive/esap/releasenotes/j-esap-2.5.1-supportedproducts-v3sdk.pdf). The Network Operations Remote group will provide anti-virus support for non-government-issued Windows PCs if you are using Windows Defender, Microsoft Security Essentials or Microsoft System Center Endpoint Protection.
• Provide us with a list of the IP address(es) of the work PC(s) you want to RDP to.
• Enable the “Remote Desktop” service on the work PC(s) you want to RDP to, so that they accept remote connections.
Connection Instructions with Microsoft Internet Explorer (IE) version 7/8/9/10/11
1) Type https://rm.gov.ns.ca into your Microsoft IE browser to launch the Sign-on page.
Please note: if you are using a non-IE browser, the screens you see will differ, but the install prompts are similar. The system may prompt you to install the ActiveX JuniperSetupClient; just click “OK” to accept and install the Juniper Setup client.
If your anti-virus is not supported, an error message similar to the one below will be displayed and you will not be able to proceed further:
2) The next screen you see is a customized portal screen (see Figure 2) created based on your VPN user group.
a) If you are a Remote option user, you can use the customized “Connect to My Computer on NSGOV Domain” bookmark(s) to RDP to your work PC(s). The first time you use this, Juniper will auto-install the Juniper Terminal Service Client; click the “Always” button to continue.
layer-3 connection. The first time you use this, Juniper will auto-install the Juniper Network Connect Client as shown below
Using Juniper without Host Checker option (not available to Network Connect or Junos Pulse users)
You can still connect to Juniper if your host Windows PC (or any other remote device) doesn’t have a copy of a supported anti-virus program installed. Typing https://rm.gov.ns.ca/nohostcheck will allow you to connect to a restricted Portal page, similar to Figure 3, to access web and TS session resources without the Browser box and Terminal Session Launch box options. The RDP session will be restricted: no printer, no drive mappings, and a 2-hour maximum session timeout.
Attachments
Figure 1: Juniper SSL VPN (Signing on process)
• Connect to URL: https://rm.gov.ns.ca
• Sign-on Page
• Successful Sign-on using Secure LDAP Authentication
• Users will see a customized VPN Portal Page based on user name, group, attribute and custom expression. Users will have customized bookmarks to access internal network resources including internal/external webpages, web-based applications, TS, Citrix, Client/Server applications, File Shares (Windows only), Telnet/SSH (if needed), Layer 3 network access (Network Connect using Junos Pulse client, IPsec-like VPN), and remote control of the user’s PC, servers and virtual desktops (if available) using RDP.
• Endpoint security host checker will launch to ensure remote devices meet the security requirements, and will deny the connection if the host check fails

Figure 2: Sample SSL VPN Portal Page Explain
• User/Browsing Toolbar (can be turned on/off; clicking the Home icon will return to this page)
• Logo
• Browser Bar (can be turned on to allow users to enter URLs)
• Customized web bookmarks for internal/external webpages, TSWeb, Citrix MetaFrame and web-based applications (users can add personal bookmarks if needed; the feature is disabled since it requires additional overhead and may have a performance impact on the SSL VPN device)
• Welcome message
• Windows/Unix Files (customized file share/access bookmarks): click to see/open some sample files with various file types
• Terminal Services (allows the user to RDP to the user’s workstation, servers and TS applications)
• Client Application Panel (includes Network Connect using Junos Pulse client for IPsec-like layer 3 network access, Java Secure Application Manager and Windows Secure Application Manager for Client/Server applications)
• Virtual Desktops panel (RDP to Virtual Desktops if available)
• Using Dynamic Bookmark and Single Sign-on (SSO) to RDP to user’s workstations/servers without prompting for username and password again