Attachmate Worldwide  |   Contact Us  |   The Attachmate Group
Extend. Manage. Secure. More than 30 years in the business. Over 65,000 customers.

Technical Notes

Reflection for the Web and Juniper Networks Secure Access SSL VPN
Technical Note 1832
Last Reviewed 02-Jun-2011
Applies To
Reflection for the Web 2011 (All Editions)
Reflection for the Web 2008 (All Editions)
Summary

This technical note provides steps for configuring a Juniper Networks SA Series SSL VPN appliance, running the Instant Virtual Extranet (IVE) operating system version 6.0 or higher platform, to work with Reflection for the Web.

For information about Juniper Networks (formerly Neoteris, then NetScreen) and the SA Series SSL VPN, visit Juniper Networks at http://www.juniper.net.

Note: Reflection for the Web 2008 R2 does not support SSH and SFTP connections. This issue has been resolved in Hotfix 27 or higher; upgrade to the current version.

Configuring Secure Access to work with Reflection for the Web

To work with Reflection for the Web, Juniper Networks Secure Access must be configured to allow users to run Java applets. Choose one of the two methods below to configure Juniper Networks Secure Access in your environment. Note: Method II provides more customization options.

Method I—Configure User Roles

  1. Open the Juniper Networks Secure Access Administrative Console.
  2. In the left-navigation menu, expand Users, and then click User Roles.
  3. Click the link for the role you want Reflection for the Web to be able to access, for example, Users.
  4. On the Web tab, click Options.
  5. Open Advanced Options and select the "Allow Java applets" check box.
  6. Click Save Changes.
  7. If you want to use a single sign-on option, continue with Configuring Single Sign-on.

Method II—Configure Resource Policies

  1. Open the Juniper Networks SA Series Administrative Console.
  2. In the left-navigation menu, expand Resource Policies, and then click Users > Roles > "Users" > Web > Java Access Control.
  3. Click New Policy.
  4. Enter/select the appropriate Name, Description, Resources, Roles, and Action information for your site. For example, your Java Access Policy might look like this:
    Setting
    Value
    Name
    Roles with opened Java Socket Access
    Description
    Java applets with full network connectivity except applicable policies defined above
    Resources
    *:* (any server on any port)
    Roles
    Users (assuming a role for “Users” is already defined)
    Action
    Allow socket access
  1. Click Save Changes.
  2. If you want to use a single sign-on option, continue with Configuring Single Sign-on.

Configuring Single Sign-on

You can configure Reflection for the Web (on a Secure Access platform) to use single sign-on through IIS or Windows Authentication. Follow the steps below.

  1. Open the Juniper Networks Secure Access Administrative Console. Under System, click Signing-In > Authentication/Authorization > Servers.
  2. Click New Server.
  3. On the Servers tab, select the appropriate server type (for example, Active Directory) from the options in the New drop-down menu, and then click New Server.
  4. Fill in the New Server form, and then click Save Changes.

Note: Make sure both Reflection for the Web and Secure Access are configured to use the same domain. See Technical Note 1876 for information about configuring Reflection for the Web for Single Sign-on.

Once configured, users can log into Juniper Networks Secure Access using their network domain account and Secure Access passes the credentials to Reflection for the Web. There is no separate Reflection for the Web login prompt.

Related Technical Notes
1876 Creating Reflection for the Web 2008 Single Sign-On Macros
9988 Reflection for the Web Technical Notes

horizontal line

Did this technical note answer your question?

           


Need further help? For technical support, please contact Support.