Juniper Netscreen-SA 1000/Neoteris SSL web-terminal and Linux clients


Post by Kristian August Mowincke » Thu, 17 Mar 2005 21:03:17



Juniper Netscreen-SA 1000/Neoteris SSL web-terminal and Linux clients

Has anybody experience with this animal?

Is it a Windows-only solution?

Greetings,

Kristian August Mowinckel

 
 
 


Post by Matt Payto » Fri, 18 Mar 2005 07:30:01



> Juniper Netscreen-SA 1000/Neoteris SSL web-terminal and Linux clients

> Has anybody experience with this animal?

Yes, quite a bit...

> Is it a Windows-only solution?

No, not Windows only.  But some of its features are...Strange, since its
base OS is Linux...

Is there something specific you'd like to know ?  I have spent quite a bit
of time getting familiar with the Neoteris, and what it can and cannot
do, including what does/doesn't work on client platforms other than Win32.

> Greetings,

And to you :-)

--
- Matt -

 
 
 


Post by Kristian August Mowincke » Fri, 18 Mar 2005 23:34:35





>> Juniper Netscreen-SA 1000/Neoteris SSL web-terminal and Linux clients
>> Has anybody experience with this animal?
> Yes, quite a bit...
>> Is it a Windows-only solution?
> No, not Windows only.  But some of its features are...Strange, since its
> base OS is Linux...
> Is there something specific you'd like to know ?  I have spent quite a bit
> of time getting familiar with the Neoteris, and what it can and cannot
> do, including what does/doesn't work on client platforms other than Win32.

In the following, the terminal session I am speaking of is one inside a web
browser window.

I tried to log on to a Windows 2003 server session from:
1) Windows 2003 server (inside VMware): Seems to work when I am logged in as
administrator (a Neoteris program gets installed)

2) Windows XP (inside VMware): As administrator: the software is installed,
but the terminal session never gets initiated. It hangs until there is some
kind of timeout.

3) Linux: After I try to connect to the terminal session, it stops where the
download of the software normally takes place.

Do you have an explanation?

Where can I get hold of manuals for the Netscreen-SA 1000 + Neoteris?

How does this Netscreen/Neoteris combination really function?

Windows program inside Linux box???

Thank you very much for answering me!

Kristian August Mowinckel

 
 
 


Post by Matt Payto » Sat, 19 Mar 2005 03:30:02






>>>Juniper Netscreen-SA 1000/Neoteris SSL web-terminal and Linux clients
>>>Has anybody experience with this animal?

>>Yes, quite a bit...

>>>Is it a Windows-only solution?

>>No, not Windows only.  But some of its features are...Strange, since its
>>base OS is Linux...
>>Is there something specific you'd like to know ?  I have spent quite a bit
>>of time getting familiar with the Neoteris, and what it can and cannot
>>do, including what does/doesn't work on client platforms other than Win32.

> In the following, the terminal session I am speaking of is one inside a web
> browser window.

> I tried to log on to a Windows 2003 server session from:
> 1) Windows 2003 server (inside VMware): Seems to work when I am logged in as
> administrator (a Neoteris program gets installed)

> 2) Windows XP (inside VMware): As administrator: the software is installed,
> but the terminal session never gets initiated. It hangs until there is some
> kind of timeout.

> 3) Linux: After I try to connect to the terminal session, it stops where the
> download of the software normally takes place.

> Do you have an explanation?

So, you're trying to use Windows Terminal Services ?  The RDP protocol ?
  Assuming that is the case, I think the client that's used is installed
via ActiveX, which is Windows only.  So the Terminal Services feature
would be Windows only.

If you purchased the Secure Application Manager upgrade, you could
tunnel rdp using java, and use rdesktop to connect to the Terminal
Services on the other side through that tunnel.

> Where can I get hold of manuals for the Netscreen-SA 1000 + Neoteris?

Do you have an active support contract with them ?  The manuals for the
latest version are available after logging into their support site...But
I think you need a contract to get a login.

If you don't have a support contract, I can email the admin guide to
you.  I don't see any harm in that :-)
It's in pdf format.
What version of the OS are you running ?
Is the email you used to post valid ?  If not, where can I send it to ?

> How does this Netscreen/Neoteris combination really function?

It tunnels traffic through ssl.  So it acts as a kind of go-between for
external clients, and machines behind a firewall.
Straight http traffic is supported directly through a browser.  Anything
else may be tunneled through either Java ( Cross platform ) or ActiveX (
Windows only ) *if* you purchased the appropriate upgrades to the
Neoteris/Juniper.
There are about 3 major features that are ActiveX/Windows only.  But a
fair amount of things *do* work through java, and are therefore
cross-platform.

One thing that would work on Linux is VNC via http.  I have used that
quite a bit from my Linux box at home.  Another is the Citrix tunneling.

> Windows program inside Linux box???

Not really...They market it as a "Clientless VPN".  It isn't, really.
It just uses software that may already be installed as the VPN client
software - A Web browser, Java and ActiveX plugins ( on Windows clients ).

So if you have client software that will run on Linux, it can probably
be tunneled through the Neoteris.
A simple example, Groupwise...
We use it at work for our corporate email.  Groupwise talks over port
1677.  At home I installed the Linux version of the Groupwise client.  I
then set up a profile on Neoteris to create a tunnel from the client
side, through the Neoteris, to our Groupwise server on port 1677.  So I
login to the Neoteris from my Linux machine, launch my groupwise client,
and have it configured to talk through the tunnel created by Neoteris.
This set up uses my browser to login to Neoteris( Firefox ), java to
tunnel application data, and a locally installed groupwise client.

--
- Matt -

 
 
 


Post by Matt Payto » Sun, 20 Mar 2005 03:00:01



> 2) Windows XP (inside VMware): As administrator: the software is installed,
> but the terminal session never gets initiated. It hangs until there is some
> kind of timeout.

Sorry, missed this before...

Probably running Service Pack 2 on the XP machine, yes ?  Look here :
http://support.microsoft.com/default.aspx?scid=kb;%5bLN%5d;884020

There is a known issue with XP SP2 and a lot of the functionality of the
Neoteris.  The Hotfix available at the above link solves them...

--
- Matt -

 
 
 


Post by Kristian August Mowincke » Sun, 20 Mar 2005 20:40:06



> There is a known issue with XP SP2 and a lot of the functionality of the
> Neoteris.

Thank you very much, that solved the problem.
You have really helped us a lot.
Currently this Netscreen 1000/Neoteris box is under evaluation.

Sorry to bother you with another question, but how can
I get the Windows terminal client to work from Linux?
(actually I am writing this inside a Windows terminal client inside an
MS Explorer browser inside a VMware virtual machine inside a Linux box!!!)

Regards,

Kristian August Mowinckel

 
 
 


Post by Matt Payto » Sun, 20 Mar 2005 22:00:00





>> There is a known issue with XP SP2 and a lot of the functionality of the
>> Neoteris.

> Thank you very much, that solved the problem.
> You have really helped us a lot.

Happy to be of assistance...

> Currently this Netscreen 1000/Neoteris box is under evaluation.

So, you probably have all the options enabled...I think that's how they
ship them for eval.  That's good, since you'll be able to test all
features.
For linux client side machines you'll want to look at the JSAM - Java
Secure Application Manager.  This will work on MS clients as well...But
the other version, the WSAM ( Windows Secure Application Manager ) is
Win32 client only.

> Sorry to bother you with another question, but how can I get the
> Windows terminal client to work from Linux? (actually I am writing this
> inside a Windows terminal client inside an MS Explorer browser inside a
> VMware virtual machine inside a Linux box!!!)

The terminal client that's shipped with the neoteris won't work on
Linux...It's ActiveX, which only works on Windows.
But, you can use the JSAM to tunnel rdp traffic from the client side,
through the Neoteris, to a Terminal Server on the other side.  Then use
rdesktop on the linux box to connect through that tunnel.  This is less
convenient, but should work. You'll also have to watch out for the login
used on the Linux client...Much of the more advanced functionality
requires root/admin privileges.

Anyway, good luck.  Overall, we've had a pretty good experience with the
Neoteris.  It's not perfect, but does make some things much easier...

--
- Matt -

 
 
 


Post by Kristian August Mowincke » Tue, 22 Mar 2005 23:56:13







> For linux client side machines you'll want to look at the JSAM - Java
> Secure Application Manager.  This will work on MS clients as well...But
> the other version, the WSAM ( Windows Secure Application Manager ) is
> Win32 client only.
> But, you can use the JSAM to tunnel rdp traffic from the client side,
> through the Neoteris, to a Terminal Server on the other side.  Then use
> rdesktop on the linux box to connect through that tunnel.  This is less
> convenient, but should work. You'll also have to watch out for the login
> used on the Linux client...Much of the more advanced functionality
> requires root/admin privileges.

I have tried to connect to the terminal server from Linux,
but I can't seem to download the j-sam library from the Neoteris box.
How do I accomplish this?
And how do I set up a tunnel to the RDP terminal server?

linux-rdpclient<----> j-sam-tunnel <---> windows-terminal-server

Regards,

Kristian August Mowinckel

 
 
 


Post by Matt Payto » Wed, 23 Mar 2005 08:30:02








>> For linux client side machines you'll want to look at the JSAM - Java
>> Secure Application Manager.  This will work on MS clients as well...But
>> the other version, the WSAM ( Windows Secure Application Manager ) is
>> Win32 client only.
>> But, you can use the JSAM to tunnel rdp traffic from the client side,
>> through the Neoteris, to a Terminal Server on the other side.  Then use
>> rdesktop on the linux box to connect through that tunnel.  This is less
>> convenient, but should work. You'll also have to watch out for the login
>> used on the Linux client...Much of the more advanced functionality
>> requires root/admin privileges.

> I have tried to connect to the terminal server from Linux,
> but I can't seem to download the j-sam library from the Neoteris box.

There isn't anything to download with jsam...It just uses java on the
client side to tunnel traffic to the machines/ports specified on the IVE
for a particular "Role"

> How do I accomplish this?

Create a Role on the IVE that uses jsam.
- login to the admin interface
- Select "Roles" under the Users menu
- Click "New Role"
- Give it a name
- Click on Secure Application manager check box and Java Version Radio
button under Access Features
- Click Save Changes
- Click on the "SAM" tab for your new role, then "options" under SAM
- Check on "Auto-Launch Secure Application Manager" check box and "Auto
Allow Application Servers" check box
- Click "Save Changes"

> And how do I set up a tunnel to the RDP terminal server?

Add an application to the Role you created above
- Go back to the "Applications" section in the SAM tab of the role
- Click "Add Application"
- Give it a name
- Under Application type make sure "Custom Application" is selected under
"Application Type"
- In the "Server name" field enter the IP of the Terminal Services server
- In the "Server Port" field enter 3389 ( the port rdp uses )
- Leave the client loopback and client port fields blank
- Click Save Application

> linux-rdpclient<----> j-sam-tunnel <---> windows-terminal-server

On the client side make sure you have java installed, and ( assuming Linux
) rdesktop - http://www.rdesktop.org/
- Login to the IVE from your linux box with an account that will get the
Role assigned that you just created.
- Make sure the JSAM launches a second ( smaller ) browser pop-up window
- Click the details tab of the smaller browser window and check what
local client address the jsam used to bind to port 3389 - It will be in
the loopback range, 127.0.x.x.
- Open RDesktop and have it connect to the loopback address that the jsam
bound port 3389 to

So, for example, if the jsam bound port 3389 to 127.0.10.10, you would
tell rdesktop to connect to 127.0.10.10:3389, which would be tunneled
through the IVE to the server on the other side.

There are also ways to use hostnames instead of ip addresses, and to make
sure the jsam always uses a specific address to bind a port to.  Read the
documentation for how the specifics of this work.  If you don't have
access to the admin guide, call Juniper support + tell them you won't buy
it unless you get a copy of the admin guide first.
Or, better yet, ask the vendor that is letting you eval this thing for
some tech support. When we evaled ours, Neoteris sent in a tech to help us
with the initial set up, and he went over all these things.  If your
vendor isn't willing to do that, find a new vendor...Many companies sell
Juniper, and the IVE is a decent product...So it may very well be worth the
effort to get it going.

--
- Matt -
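
A check for the Linux client once the JSAM window is up: it reports which address port 3389 was bound to and refuses to give rdesktop a target if the port is also listening on a non-loopback address, since a forwarder bound that way would let other hosts on the client's network use the tunnel. This is an added example, not part of the thread or of Juniper's tooling; the function names and the sample `ss` lines are constructed for illustration.

```shell
# Added example: the function names are illustrative, not from any product.
# Constructed sample in the layout of `ss -ltn` (Linux iproute2):
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS='LISTEN 0 50 127.0.10.10:3389 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 50 [::ffff:127.0.10.11]:3389 *:*
LISTEN 0 50 0.0.0.0:3389 0.0.0.0:*
LISTEN 0 5 192.168.1.20:3389 0.0.0.0:*'

# classify_listeners PORT  (reads `ss -ltn` lines on stdin)
# Prints one "<scope> <address>" line per listener on PORT.
classify_listeners() {
    awk -v port="$1" '
    $1 == "LISTEN" {
        la = $4
        n = split(la, parts, ":")
        if (parts[n] != port) next
        addr = substr(la, 1, length(la) - length(parts[n]) - 1)
        gsub(/^\[|\]$/, "", addr)   # IPv6 brackets
        sub(/%.*$/, "", addr)       # interface suffix such as %lo
        sub(/^::ffff:/, "", addr)   # IPv4-mapped form from dual-stack sockets
        if (addr ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/ || addr == "::1")
            print "loopback " addr
        else if (addr == "0.0.0.0" || addr == "*" || addr == "::")
            print "exposed-all " addr
        else
            print "exposed " addr
    }'
}

# rdesktop_target PORT  (reads `ss -ltn` lines on stdin)
# Prints host:port for rdesktop; returns 1 if PORT is reachable from outside
# this machine, 2 if nothing is listening on it.
rdesktop_target() {
    out=$(classify_listeners "$1")
    if printf '%s\n' "$out" | grep -q '^exposed'; then
        echo "port $1 also listens on a non-loopback address" >&2
        return 1
    fi
    addr=$(printf '%s\n' "$out" | awk '$1 == "loopback" { print $2; exit }')
    [ -n "$addr" ] || { echo "no listener on port $1" >&2; return 2; }
    echo "$addr:$1"
}

# Live use on the client: ss -ltn | rdesktop_target 3389
printf '%s\n' "$SAMPLE_SS" | classify_listeners 3389
```
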

 
 
 


Post by Kristian August Mowincke » Thu, 24 Mar 2005 04:01:33


I followed your recipe and voilà!

Thank you very much!!!

Now it works like a dream on Linux too!

Best regards from,

Kristian August Mowinckel