Appendix: Checklist for Preparing a Target Appliance

Block Type(which is distributed) (Names as in Pulse One Console)	Requires Preparation of (which is not distributed)(Names as in Appliances Menu	Sample Log Messages	How to Prepare the Target Appliance
Client > Components	Pulse Secure Client > Pulse Secure Versions	Import of configuration from Pulse One returned an Error: [/users/junos-pulse/component-settings/client-version-settings/active-version] Invalid reference: no ‘Client Version’ object found with identifier ‘5.2.1.226’.	Navigate to Pulse Secure Client > Components. Upload the required Pulse Client version.
	Endpoint Security > Host Checker > ESAP Versions		Navigate to Authentication > Endpoint Security > Host Checker. Upload the required ESAP package.
Auth > Realms > Admin, Auth > Realms > User	Auth. Servers (Local Auth Servers are not distributed)		Configure the Local Auth Server
Policies > Tunneling > Bandwidth Mgmt	Network > Internal Port, Network > External Port, Network > Management Port	Import of configuration from Pulse One returned an Error: [/users/resource-policies/network-connect-policies/network-connector-bandwidth-policy[name=vpm-tun-bandwidth-policy]] Bandwidth Management Not Enabled! The VPN Tunnels Maximum Bandwidth must be configured on the network overview page.	On the network overview page configure VPN Tunnels Maximum Bandwidth.
Policies > Web > Client Auth	Configuration > Certificates	Import of configuration from Pulse One returned an Error: [/users/resource-policies/web-policies/client-authentications/client-authentication [name=client-auth-policy,parent-type=none]/certificate] Invalid reference: no ‘Client Auth Certificate’ object found with identifier ‘qa.pulsesecure.net’.	Configure the appropriate CA certificate under System > Configuration > Certificates
Policies > Web > Client Auth	Resource Policies > Email Client		An SAnnnn (for example, SA6500), if it has been configured with Resource Policies > Email Client, should not be a master appliance.
Policies > Web > Compression	Options		On the Options page select “Enable gzip compression”
Policies > Web > Java Code Signing	Configuration > Certificates > Code-signing Certificates		Save the policy with the default code-signing certificates.
Policies > Web > PTP	Network > Overview	Import of configuration from Pulse One returned an Error: [/users/resource-policies/web-policies/ptp[application=ptp_policy_2,parent-type=none]] Please specify the IVE hostname on the Network Settings page under Network Identify.	Configure a valid hostname under System > Network > Overview.
Policies > Secure Email	Network > Overview	Import of configuration from Pulse One returned an Error: [/users/resource-profiles/mobile/secure-mail-profiles/secure-mail-profile[virtual-hostname=myhost.myco.com]] Please specify the IVE hostname on the Network Settings page under Network Identify	Configure a valid hostname under System > Network > Overview.
Security	Network Settings > Internal Port > Virtual Port	Import of configuration from Pulse One returned an Error: [/system/configuration/security/ssl-options] Virtual port number virtual_internal is not a valid Virtual Port
Network Settings > External Port > Virtual Port	Import of configuration from Pulse One returned an Error: [/system/configuration/security/ssl-options] Virtual port number virtual_external is not a valid Virtual Port
SAML Auth-Server	System > Configuration > SAML > Settings		Configure a valid “Host FQDN for SAML” on the System > Configuration > SAML > Settings page.
Signing in > Sign-in SAML	System > Configuration > SAML > Settings	Import of configuration from Pulse One returned an Error:[/authentication/signin/saml/identity-provider/sp-default-configuration/source-id] Modification of this attribute is not allowed.	Configure a valid “Host FQDN for SAML” on the System > Configuration > SAML > Settings page.
(PPS) Policies > Enforcer > Access	Policies > Enforcer > Connection	Import of configuration from Pulse One returned an Error: Failed to resolve path references. Import of configuration from Pulse One returned an Error:[/uac/infranet-enforcer/resource-access-policies/resource-access-policy[name=enforcer_access_policy]/infranet-enforcer] Invalid reference: no ‘Infranet Enforcer’ object found with identifier ‘screenOS1’.
(PPS) Policies > Enforcer > Auth Table Mapping	Policies > Enforcer > Connection	Import of configuration from Pulse One returned an Error: Failed to resolve path references. Import of configuration from Pulse One returned an Error:[/uac/infranet-enforcer/auth-table-mapping-policies/auth-table-mapping[name= auth_table_mapping_policy]/infranet-enforcer] Invalid reference: no ‘Infranet Enforcer’ object found with identifier ‘screenOS1’.
(PPS) Policies > Enforcer > IP Address Pools	Policies > Enforcer > Connection	Import of configuration from Pulse One returned an Error: Failed to resolve path references. Import of configuration from Pulse One returned an Error:[/uac/infranet-enforcer/ip-address-pools-policies/ip-address-pools-policy[name= ip_pool_policy]/infranet-enforcer] Invalid reference: no ‘Infranet Enforcer’ object found with identifier ‘screenOS1’.
(PPS) Policies > Enforcer > IPSec Routing	Policies > Enforcer > Connection	Import of configuration from Pulse One returned an Error: Failed to resolve path references. Import of configuration from Pulse One returned an Error:[/uac/infranet-enforcer/ipsec-routing-policies/ ipsec-routing -policy [name= ipsec_policy]/infranet-enforcer] Invalid reference: no ‘Infranet Enforcer’ object found with identifier ‘screenOS1’.
(PPS) Policies > Enforcer > Source Interface	Policies > Enforcer > Connection	No error message. Enforcer is a required field for Source Interface Policy.
Pulse Secure Client > Connections	System > Configuration > Certificates > Trusted Server CAs	Import of configuration from Pulse One returned an Error:[/users/junos-pulse/connection-sets/connection-set[name=PPS_PCS_Combo]/connections/connection [name=L2_Connection_WIRED]/trusted-servers/trusted-server[dn=ANY,ca=PMDRoorCA]/ca] Invalid reference: no ‘Trusted Server CA’ object found with identifier ‘PMDRootCA’.	Configure the appropriate ‘Trusted Server CA’ under System > Configuration > Certificates > Trusted Server CAs, by importing the ‘Trusted Server CA’.
(PPS) Auth > Realms > Users	Endpoint Policy > Network Access > Radius Attributes	Import of configuration from Pulse One returned an Error:[/users/user-realms/realm[name=TestRealm1]/authentication-policy/radius-request-attributes-policies/selected-policies] Invalid reference: no ‘RADIUS Request Attributes Policy’ object found with identifier ‘2nd Request Policy’.	Configure the appropriate ‘RADIUS Request Attributes Policy’ under Endpoint Policy > Network Access > Radius Attributes.

Client > Components

Pulse Secure Client >
Pulse Secure Versions

Import of configuration from Pulse One returned an Error: [/users/junos-pulse/component-settings/client-version-settings/active-version] Invalid reference: no ‘Client Version’ object found with identifier ‘5.2.1.226’.

Navigate to Pulse Secure Client > Components. Upload the required Pulse Client version.

Endpoint Security > Host Checker > ESAP Versions

Navigate to Authentication > Endpoint Security > Host Checker. Upload the required ESAP package.

Auth > Realms > Admin, Auth > Realms > User

Auth. Servers
(Local Auth Servers are not distributed)

Configure the Local Auth Server

Policies > Tunneling > Bandwidth Mgmt

Network > Internal Port,
Network > External Port,
Network > Management Port

Import of configuration from Pulse One returned an Error: [/users/resource-policies/network-connect-policies/network-connector-bandwidth-policy[name=vpm-tun-bandwidth-policy]] Bandwidth Management Not Enabled! The VPN Tunnels Maximum Bandwidth must be configured on the network overview page.

On the network overview page configure VPN Tunnels Maximum Bandwidth.

Policies > Web > Client Auth

Configuration > Certificates

Import of configuration from Pulse One returned an Error: [/users/resource-policies/web-policies/client-authentications/client-authentication [name=client-auth-policy,parent-type=none]/certificate] Invalid reference: no ‘Client Auth Certificate’ object found with identifier ‘qa.pulsesecure.net’.

Configure the appropriate CA certificate under System > Configuration > Certificates

Policies > Web > Client Auth

Resource Policies > Email Client

An SAnnnn (for example, SA6500), if it has been configured with Resource Policies > Email Client, should not be a master appliance.

Policies > Web > Compression

Options

On the Options page select “Enable gzip compression”

Policies > Web > Java Code Signing

Configuration > Certificates > Code-signing Certificates

Save the policy with the default code-signing certificates.

Policies > Web > PTP

Network > Overview

Import of configuration from Pulse One returned an Error: [/users/resource-policies/web-policies/ptp[application=ptp_policy_2,parent-type=none]] Please specify the IVE hostname on the Network Settings page under Network Identify.

Configure a valid hostname under System > Network > Overview.

Policies > Secure Email

Network > Overview

Import of configuration from Pulse One returned an Error: [/users/resource-profiles/mobile/secure-mail-profiles/secure-mail-profile[virtual-hostname=myhost.myco.com]] Please specify the IVE hostname on the Network Settings page under Network Identify

Configure a valid hostname under System > Network > Overview.

Security

Network Settings > Internal Port > Virtual Port

Import of configuration from Pulse One returned an Error: [/system/configuration/security/ssl-options] Virtual port number virtual_internal is not a valid Virtual Port

Network Settings > External Port > Virtual Port

Import of configuration from Pulse One returned an Error: [/system/configuration/security/ssl-options] Virtual port number virtual_external is not a valid Virtual Port

SAML Auth-Server

System > Configuration > SAML > Settings

Configure a valid “Host FQDN for SAML” on the System > Configuration > SAML > Settings page.

Signing in > Sign-in SAML

System > Configuration > SAML > Settings

Import of configuration from Pulse One returned an Error:[/authentication/signin/saml/identity-provider/sp-default-configuration/source-id] Modification of this attribute is not allowed.

Configure a valid “Host FQDN for SAML” on the System > Configuration > SAML > Settings page.

(PPS) Policies > Enforcer > Access