Junos Pulse Secure

Mark_Ballestero
New Contributor

HI Jamf Nation,

I am running into a weird issue in which installing Junos Pulse when installed manually is able to start and add connections just fine. However, when packaging the app in Composer using the normal snapshot method, and packaged as a DMG. Has anyone experienced this or know of a fix? I have attached screenshots below. Thanks!

I get the following error:

Failed to connect to the Pulse Secure service.

This is what it should look like, done with normal install
055b563158c54e42ab8e22977c80650d

This is after packaging with composer as a DMG using the snapshot method, Pulse Secure is turned off.
379a2673d4244b9f93a252075c0feacd

This is the error I receive when trying to add a connection from the DMG that was packaged.
598ecc7d055547aca916477a1c4abd02

59 REPLIES 59

sdagley
Honored Contributor III

@rastogisagar The Mac compliance settings for Pulse Secure are completely independent of Jamf Pro, but will likely utilize the presence of the Jamf software on your Mac as a compliance item. Unfortunately I do not have any documentation I can share with you on the subject. You really need to work with your Pulse Secure team, and probably Pulse Secure's technical support, to get the compliance check appropriate for your environment configured.

rastogisagar123
Contributor II

@sdagley No worries thanks a lot make sense, I need one expert advice fro you. I am going for Classroom 200 certification . Please suggest me how to prepare, any mock test or study material i need to go through

Sagar Rastogi

sdagley
Honored Contributor III

@rastogisagar Other than saying you should complete the online Jamf 100 course before taking the Jamf 200 course I don't have any specific advice on pre-course prep resources. Having completed your Jump Start, and having some hands on time with Jamf Pro would definitely help. I thought there were course specific resource references listed on the course description pages on the Jamf site, but I don't see those now, but they may be provided after you register. Take notes during the course, testing is (or at least used to be) open book, and for the 200 testing will pretty much be specific to material covered in the class. The 300 and 400 courses require deeper Mac knowledge and/or good search foo for Jamf Nation posts and Rich Trouton's blog on the subject in question.

sdagley
Honored Contributor III

@rastogisagar I found the Jamf course resources page I was thinking of: Course Resources

gachowski
Valued Contributor II

@sdagley

While I don't know all the details of the Cisco ISE integration, that is the "general" idea I tried to "sell" to Pulse Secure and was trying to get re-started again now. I don't think the server folks have to cede Mac compliance controls to Jamf... I just more controls than the Pulse offers, I am sort of sure that Pulse doesn't even do the checking I think it's a third party app that Pulse Secure runs inside Pulse. A true win would be the current Pulse checks plus Jamf Pro smart groups that way I can use EAs for even more checks.

C

nikjamf
New Contributor III

Hi, The above scripts are not working with new Pulse Secure 9.0.3 and we really do not need to copy the config file when we use DUO authentication when you log in to the VPN. I'll appreciate if anybody has a new workflow building the package and post-install script for the new version. Also, we need the kext and Team ID. The MDM protocol specifies a kernel extension policy:
To approve Pulse Secure kernel extension thru MDM and without user consent, please add the following keys to the MDM kernel extension policy described above:
Team Identifier = 3M2L5SNZL8
Bundle Identifier of kext = net.pulsesecure.PulseSecureFirewall Thanks in an advance!

gachowski
Valued Contributor II

@nikjamf

We are still using

/Applications/Pulse Secure.app/Contents/Plugins/JamUI/jamCommand -importfile /temp location

And the same process as my 2016 post in this thread...

I just tested mins ago with yesterdays released Pulse 9.0r3.2-b1667 in our dev environment worked as it should...

C

Ram
New Contributor II

Hi @nikjamf , im new to mac packaging . Im looking for help packaging pulse secure 9.0.3 with composer . I'll appreciate if anyone can help me .

Thank you .

gachowski
Valued Contributor II

@Ram

You don't have to re-package Pulse, you can just upload the app... you just have run

/Applications/Pulse Secure.app/Contents/Plugins/JamUI/jamCommand -importfile /temp location

To preload the connections ...

C

PS there is 9.1 available

Ram
New Contributor II

@gachowski

Could you help me do this step by step to install pulse secure on mac devices from jamf . I really need help on this .

When i try to install manually on mac , it works without any issues and creates pulse secure folder in /Library/application support .

when uploading the same pkg to jamf, creating policy to make the pkg available in self service .

Trying to install the pkg its installing , but not working :(

There is only one log file inside Library/application support .

When opening pulse secure its throwing error as 'failed to connect to pulse secure service'

plz help

gachowski
Valued Contributor II

@Ram

No promises but this is what we do...

  1. Add Pulse.app straight to Jamf Pro
  2. Download from your Pulse Server a custom components.jnprpreconfig file (this is just a .sh changed to .jnprpreconfig) but you have to follow the Pulse directions so you get the correct info in the file.
  3. Use composer to build a .pkg to store the components.jnprpreconfig in a temp location of your choice
  4. Install both the app and the components.jnprpreconfig file on the machine
  5. Using a 3rd script before you launch Pulse run /Applications/Pulse Secure.app/Contents/Plugins/JamUI/jamCommand -importfile / "temp location of your components.jnprpreconfig"

  6. Delete the components.jnprpreconfig file as it's plain text and has all your wifi info..

Old but still current I think..

https://www.juniper.net/documentation/software/pulse/guides/j-pulse-3.0R1-adminguide.pdf

https://community.pulsesecure.net/t5/Pulse-Connect-Secure/Where-to-obtain-jnprpreconfig-for-preconfigured-installation/td-p/5758

C

Ram
New Contributor II

@gachowski thanks a lot for your reply !

Much helpful :)

csanback
New Contributor III

we do what @gachowski describes

Winterpil
New Contributor

@gachowski Do you have a link to 9.1?

gachowski
Valued Contributor II

@Winterpil

Sorry, you need an Pulse Secure account and then that account has to be linked to "your products" in their downloads section. Short version you still need to work with your network team.

: )

C

nikjamf
New Contributor III

gachowski, the workflow you provide does not work if you have multiple connections with DUO authentication.

We need to create a separate package Pulse Secure settings /connections/ and push first the settings and second package with the Pulse Secure.pkg file on the same Policy. That works with 9.0.3 version but not with 9.1.2 (901) unless you do not go as an update with Self Service. Do not forget the Team ID and kext. configuration profile Now we are looking for 9.1.2 solutions.

gachowski
Valued Contributor II

@nikjamf f]

Sorry, I'm lost ... We have locations all over the globe and they all require Duo. We only have one components.jnprpreconfig. and that list all the endpoints that user can remote to. USA west coast, USA East Coast UK, India.................

C

scottb
Honored Contributor

Same as above ^^^
One file, I build a pkg to drop the config file into /tmp (or other place) and then the installer runs.
Postinstall .sh to import the config file and boom, yer done.

Bhughes
Contributor

@nikjamf could you elaborate on this?

gachowski, the workflow you provide does not work if you have multiple connections with DUO authentication. We need to create a separate package Pulse Secure settings /connections/ and push first the settings and second package with the Pulse Secure.pkg file on the same Policy. That works with 9.0.3 version but not with 9.1.2 (901) unless you do not go as an update with Self Service. Do not forget the Team ID and kext. configuration profile Now we are looking for 9.1.2 solutions.

I am having some trouble with 9.1.2 where the config isnt working (we use multiple connections).

Dr_Jones
New Contributor III

Still the best guide. https://derflounder.wordpress.com/2015/03/13/deploying-a-pre-configured-junos-pulse-vpn-client-on-os-x/