Technical Notes

Reflection for the Web and Juniper Networks Secure Access SSL VPN
Technical Note 1832
Last Reviewed 07-Nov-2005
Applies To
Reflection for the Web 2008 (All Editions)
Reflection for the Web version 8.0 through 9.6
Summary

This technical note provides steps for configuring a Juniper Networks Secure Access SSL VPN appliance, running the Instant Virtual Extranet (IVE) operating system version 4.1 or higher platform, to work with Reflection for the Web.

For information about Juniper Networks (formerly Neoteris, then NetScreen) and the Secure Access SSL VPN, visit Juniper Networks at http://www.juniper.net.

Note the following:

• Reflection for the Web versions 8.0 does not support secure sessions through Juniper Networks Secure Access SSL VPN. For security proxy session support, upgrade to Reflection for the Web 8.0.505 or higher.
• Reflection for the Web version 9.01 does not support Juniper Networks Secure Access. To use Reflection for the Web in this environment, use Reflection for the Web version 9.0, 9.5, 9.6, or Reflection for the Web 2008.

Configuring Secure Access to work with Reflection for the Web

To work with Reflection for the Web, Juniper Networks Secure Access must be configured to allow users to run java applets. Choose one of the two methods below to configure Juniper Networks Secure Access in your environment. Note: Method II provides more customization options.

Method I—Configure User Roles

1. Open the Juniper Networks Secure Access Administrative Console.
2. In the left-navigation menu, expand Users, and then click Roles.
3. Click the link for the role you want Reflection for the Web to be able to access.
4. On the Web tab, click Options.
5. Select the "Allow Java applets" check box.
6. Click Save Changes.
7. If you want to use a single sign-on option, continue with Configuring Single Sign-on.

Method II—Configure Resource Policies

1. Open the Juniper Networks Secure Access Administrative Console.
2. In the left-navigation menu, expand Resource Policies, and then click Web > Java Access Control.
3. Click New Policy.
4. Enter/select the appropriate Name, Description, Resources, Roles, and Action information for your site. For example, your Java Access Policy might look like this:

Setting	Value
Name	Roles with opened Java Socket Access
Description	Java applets with full network connectivity except applicable policies defined above
Resources	*:* (any server on any port)
Roles	Users (assuming a role for “Users” is already defined)
Action	Allow socket access

5. Click Save Changes.
6. If you want to use a single sign-on option, continue with Configuring Single Sign-on.

Configuring Single Sign-on

You can configure Reflection for the Web (on a Secure Access platform) to use single sign-on through IIS or Windows Authentication. Follow the steps below.

1. Open the Juniper Networks Secure Access Administrative Console. Under System, click Signing-In > Authentication/Authorization > Servers.
2. Click New Server.
3. On the Servers tab, select the appropriate server type (for example, Active Directory) from the options in the New drop-down menu, and then click New Server.
4. Fill in the New Server form, and then click Save Changes.

Once configured, users can log into Juniper Networks Secure Access using their network domain account and Secure Access passes the credentials to Reflection for the Web. There is no separate Reflection for the Web login prompt.

Known Issue: FTP File Transfer

Reflection for the Web's FTP file transfer feature does not work through Juniper Networks. This applies to both FTP and FTP through a security proxy. This issue has been reported to Juniper.

Related Technical Notes

9988	Reflection for the Web Technical Notes