Code upgrade possibly? If the web SSL VPN software is Java based, I would look at that also,
Z Edward Ziots CISSP, Security +, Network + Security Engineer Lifespan Organization [email protected] From: Webster [mailto:[email protected]] Sent: Thursday, May 24, 2012 10:00 AM To: NT System Admin Issues Subject: RE: SSL-VPN issues since May Patch Tuesday? A very large enterprise customer I am doing some work for also has Juniper SSL-VPN stuff. "something" has happened recently to make using the VPN stuff worthless. They now have me going thru some web SSL-VPN software and I can actually work now. They said something has caused their Juniper stuff to peg at 99% and they haven't figured it out. All this has happened in the last 2 to 3 weeks. Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com <http://www.carlwebster.com/> From: Richard McClary [mailto:[email protected]] Subject: SSL-VPN issues since May Patch Tuesday? Greetings! We have four "work from home" users who connect to our applications through an SSL-VPN. After well over a year of successful operation, things have broken the past couple of weeks... The devices are all Juniper SA- series SSL-VPN, and users load and run the "Network Connect" resource. (This makes the remote user's desktop to be treated as if it is a part of our LAN.) We have two hardware versions - SA-2000 in Illinois and SA-4500 in New York. We have two firmware versions - 6.4 in NYC and on one unit in IL; 7.1 on one unit in IL. The users are in 4 geographic areas - Pittsburgh, PA; Chicago, IL; St. Louis, MO; and central Iowa. Our users connect, load their applications, and begin working as usual (albeit recently the initial access to the web page login has been timing out). Then frequently, after 5-10 minutes of work, the connection to their server for applications (that is, the VoIP controller for their local telephone client; connection to the databases for their local medical records application, etc) will break. This is regardless of logging into the IL-6.4 appliance, the IL-7.1 appliance, or the NYC-6.4 appliance. Juniper has been collecting logs from both the SSL-VPN devices and the user's client logs, and they are finding nothing conclusive. Furthermore, when a "disconnected" client runs a tracert job to the VoIP or database service, the first hop is to the SSL-VPN, then on to the destination server. Yet their connection in the application breaks. The only thing we can figure which has changed the past couple of weeks is MS patching or perhaps GFI VIPRE definitions. (If VIPRE were breaking things, then our admins should be getting notices about that, and they are not.) So, has anybody (else) heard reports of SSL-VPN functions not working consistently after the recent set of MS patches (from May, 2012)? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
