Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Juniper SSL VPN and UAC Host Checker Issue - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Juniper SSL VPN and UAC Host Checker Issue

A few readers have written asking about odd denials when trying to use Juniper VPNs.  Turns out they released a Product Support Notification (subscription required) about their host check feature which fails on endpoints that have a local date set 12/31/2013 or later.  There are working on a fix but as a workaround, you can change the local date on the PC, disable host checker verification all together or create a manual host checker process that disables checking firewall, anti-virus and/or anti-spyware predefined checks.  Juniper plans to release a fix some time between 12/31 and 1/3/14.

--
John Bambenek
bambenek \at\ gmail /dot/ com
Bambenek Consulting

John

248 Posts
ISC Handler
ESAP v2.5.1 is now available and we successfully tested it on firmware v7.4.
Anonymous
Posts
It's been fixed. From the KB Article:

Update 12/31/2013 : 10:30 AM PST: Juniper engineering has fixed the issue and is made available via ESAP 2.5.1 release now available on the Support Site for download on ESAP Software Download Page. Please upgrade the ESAP package on the SA or IC device to mitigate this issue. Refer to the Admin Guide for your product for information/steps on How to Upgrade the ESAP package.
oleksiy

34 Posts Posts
And to all of you folks who let your Juniper support lapse, well, Not So Happy New Year. :-(

I wonder if Juniper will do the right thing and make the download freely available. After all, this product was not sold on a subscription basis.
Anonymous
Posts
Have you contacted Juniper Support on this. Following is their contact information:

http://www.juniper.net/support/requesting-support.html
Anonymous
Posts
Thanks for mentioning how to clear out Juniper SSL VPN and UAC host checker issue. I'm being using same VPN service and I like to communicate with the Juniper customer care directly to resolve any problem regarding VPN related problem. I think it's a faster way to get solvency. There is another place name http://www.bestvpnsolution.com/ where you can actually find various virtual networking related problem solutions.
Anonymous
Posts

Sign Up for Free or Log In to start participating in the conversation!