Juniper SSL

This VPN connection type is supported on iOS, macOS, Android and Windows devices.

Ivanti recommends that you use Pulse Secure SSL instead of Juniper SSL.

The Juniper SSL VPN type supports Juniper SSL VPN definitions created in previous versions of Core. Juniper SSL VPN definitions are routed to the Pulse Secure VPN client. Use the type for new VPN definitions.

Use the following guidelines to configure Juniper SSL VPN.

Proxy - None (default)
Proxy - Manual
Proxy - Automatic

Within these selections, you may make settings for:

Custom Data

Proxy - None (default)

Use the following guidelines to configure a Juniper SSL VPN without a proxy.

Table 1. Proxy - None settings
Item	Description
Name	Enter a short phrase that identifies this VPN setting.
Description	Provide a description that clarifies the purpose of these settings.
Channel	For macOS only. Select one of the following distribution options: Device channel - the configuration is effective for all users on a device. This is the typical option. User channel - the configuration is effective only for the currently registered user on a device.
Connection Type	Select Juniper SSL.
Samsung Knox	Select this option to use per-app VPN (either inside or outside the Knox Workspace) or per-container VPN. A Samsung Knox license is required. A VPN setting with this option selected cannot be successfully applied to a non-Samsung Android device. This setting is ignored on non-Android devices.
Deploy inside Knox Workspace	Select this option to deploy the VPN client app inside the Knox Workspace (container). Deploying the app inside the container means that the Knox security platform protects the app and its data. This option is available only if you select the Samsung Knox option. See: •Configuring VPN modes when VPN client is outside the Knox container •KNOX VPN Support
Server	Enter the IP address, hostname, or URL for the VPN server.
Proxy	None is the default setting. Proxy is not supported on Android devices.
Username	Specify the user name to use (required.) The default value is $USERID$. Use this field to specify an alternate format, such as: $USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as the following: •$USERID$:$EMAIL$ •$USERID$_$EMAIL$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username. Some enterprises have a strong preference concerning which identifier is exposed.
User Authentication	Select the user authentication to use: •Password - see next row for information. •Certificate - If you select Certificate, select the identity certificate to be used as the account credential.
Password	Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables: $USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as $EMAIL$:$PASSWORD$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.
Role	Specify the Juniper user role to use as a restriction.
Realm	Specify the Juniper realm to use as a restriction.
VPN On Demand	On-Demand VPN is supported for Android only if the Samsung Knox and Per-app VPN checkboxes are selected. On Demand VPN for Android means that the Juniper SSL VPN connection is activated only when an app associated with it is launched. When all apps associated with this VPN connection type are stopped, VPN is disconnected. Select to enable VPN On Demand.
Per-app VPN	Select Yes to create a per-app VPN setting. An additional license may be required for this feature. The Provider Type field displays. You cannot delete a per-app VPN setting that is being used by an app. Remove the per-app VPN setting from the app before you delete the setting. You can enable per-app VPN for an app when you: •add the app in the App Catalog. •edit an in-house app or an App Store app in the App Catalog. When multiple labels are assigned to associate the selected VPN configurations in the Per-App VPN section, then VPN prioritization will happen in the order of the selected list. See the Core Apps@Work Guide for information about how to add or edit apps.
Provider Type	This setting applies to iOS and macOS devices only.

Continue to Custom Data.

Proxy - Manual

Use the following guidelines to configure a Juniper SSL VPN with a manual proxy.

Table 2. Proxy - Manual settings
Item	Description
Name	Enter a short phrase that identifies this VPN setting.
Description	Provide a description that clarifies the purpose of these settings.
Channel	For macOS only. Select one of the following distribution options: Device channel - the configuration is effective for all users on a device. This is the typical option. User channel - the configuration is effective only for the currently registered user on a device.
Connection Type	Select Juniper SSL.
Samsung Knox	Select this option to use per-app VPN (either inside or outside the Knox Workspace) or per-container VPN. A Samsung Knox license is required. A VPN setting with this option selected cannot be successfully applied to a non-Samsung Android device. This setting is ignored on non-Android devices.
Deploy inside Knox Workspace	Select this option to deploy the VPN client app inside the Knox Workspace (container). Deploying the app inside the container means that the Knox security platform protects the app and its data. This option is available only if you select the Samsung Knox option. See: •Configuring VPN modes when VPN client is outside the Knox container •KNOX VPN Support
Server	Enter the IP address, hostname, or URL for the VPN server.
Proxy	Proxy is not supported on Android devices.
Proxy Server	This setting is not supported on Android devices.
Proxy Server Port	This setting is not supported on Android devices.
Type	This setting is not supported on Android devices.
Proxy Server User Name	This setting is not supported on Android devices.
Proxy Server Password	This setting is not supported on Android devices.
Proxy Domains (iOS only)	This setting applies to iOS and macOS devices only.
Username	Specify the user name to use (required.) The default value is $USERID$. Use this field to specify an alternate format, such as: $USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as the following: •$USERID$:$EMAIL$ •$USERID$_$EMAIL$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username. Some enterprises have a strong preference concerning which identifier is exposed.
User Authentication	Select the user authentication to use: •Password - see next row for information. •Certificate - If you select Certificate, select the identity certificate to be used as the account credential.
Password	Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables: $USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as $EMAIL$:$PASSWORD$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.
Role	Specify the Juniper user role to use as a restriction.
Realm	Specify the Juniper realm to use as a restriction.
VPN On Demand	On-Demand VPN is supported for Android only if the Samsung Knox and Per-app VPN checkboxes are selected. On Demand VPN for Android means that the Juniper SSL VPN connection is activated only when an app associated with it is launched. When all apps associated with this VPN connection type are stopped, VPN is disconnected. Select to enable VPN On Demand.
Per-app VPN	Select Yes to create a per-app VPN setting. An additional license may be required for this feature. The Provider Type field displays. You cannot delete a per-app VPN setting that is being used by an app. Remove the per-app VPN setting from the app before you delete the setting. You can enable per-app VPN for an app when you: •add the app in the App Catalog. •edit an in-house app or an App Store app in the App Catalog. When multiple labels are assigned to associate the selected VPN configurations in the Per-App VPN section, then VPN prioritization will happen in the order of the selected list. See the Core Apps@Work Guide for information about how to add or edit apps.
Provider Type	This setting applies to iOS and macOS devices only.

Continue to Custom Data.

Proxy - Automatic

Use the following guidelines to configure a Juniper SSL VPN with an automatic proxy.

Table 3. Proxy - Automatic settings
Item	Description
Name	Enter a short phrase that identifies this VPN setting.
Description	Provide a description that clarifies the purpose of these settings.
Channel	For macOS only. Select one of the following distribution options: Device channel - the configuration is effective for all users on a device. This is the typical option. User channel - the configuration is effective only for the currently registered user on a device.
Connection Type	Select Juniper SSL.
Samsung Knox	Select this option to use per-app VPN (either inside or outside the Knox Workspace) or per-container VPN. A Samsung Knox license is required. A VPN setting with this option selected cannot be successfully applied to a non-Samsung Android device. This setting is ignored on non-Android devices.
Deploy inside Knox Workspace	Select this option to deploy the VPN client app inside the Knox Workspace (container). Deploying the app inside the container means that the Knox security platform protects the app and its data. This option is available only if you select the Samsung Knox option. See: •Configuring VPN modes when VPN client is outside the Knox container •KNOX VPN Support
Server	Enter the IP address, hostname, or URL for the VPN server.
Proxy	Proxy is not supported on Android devices.
Proxy Server URL	This setting is not supported on Android devices.
Proxy Domains (iOS only)	This setting applies to iOS and macOS devices only.
Username	Specify the user name to use (required.) The default value is $USERID$. Use this field to specify an alternate format, such as: $USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as the following: •$USERID$:$EMAIL$ •$USERID$_$EMAIL$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username. Some enterprises have a strong preference concerning which identifier is exposed.
User Authentication	Select the user authentication to use: •Password - see next row for information. •Certificate - If you select Certificate, select the identity certificate to be used as the account credential.
Password	Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables: $USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as $EMAIL$:$PASSWORD$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.
Role	Specify the Juniper user role to use as a restriction.
Realm	Specify the Juniper realm to use as a restriction.
VPN On Demand	On-Demand VPN is supported for Android only if the Samsung Knox and Per-app VPN checkboxes are selected. On Demand VPN for Android means that the Juniper SSL VPN connection is activated only when an app associated with it is launched. When all apps associated with this VPN connection type are stopped, VPN is disconnected. Select to enable VPN On Demand.
Per-app VPN	Select Yes to create a per-app VPN setting. An additional license may be required for this feature. The Provider Type field displays. You cannot delete a per-app VPN setting that is being used by an app. Remove the per-app VPN setting from the app before you delete the setting. You can enable per-app VPN for an app when you: •add the app in the App Catalog. •edit an in-house app or an App Store app in the App Catalog. When multiple labels are assigned to associate the selected VPN configurations in the Per-App VPN section, then VPN prioritization will happen in the order of the selected list. See the Core Apps@Work Guide for information about how to add or edit apps.
Provider Type	This setting applies to iOS and macOS devices only.

Continue to Custom Data.

Custom Data

Add+ - Click to add a new key / value pair.
Key / Value - Enter the Key / value pairs necessary to configure the VPN setting. The app creator should provide the necessary key / value pairs.