Secure Virtual Workspace – Juniper SSL
Steps to configure Secure Virtual Workspace in Juniper SSL VPN.
As per Juniper, the Secure Virtual Workspace guarantees the integrity of Secure Access session data on a client machine by creating a protected workspace on the client desktop.By enabling the Secure Virtual Workspace, you ensure that any end-user signing in to your intranet must perform all interactions within a completely protected environment. If the user’s applications and interactions result in data being written to disk or to the registry, the Secure Virtual Workspace encrypts that information. When the Secure Access session is complete, the Secure Virtual Workspace destroys all information pertaining to itself or to the session, by default. However, you can configure the state of this type of information to suit your particular needs.
- Login to the SSL device and navigate to Endpoint Security -> Secure Virtual Workspace
- Create a new Secure Virtual Workspace Policy. You will define what access the client will have once connected to the SVW here, as shown below. Give the SVW policy and name and configure required parameters.
- Now if required, we can create a new Realm for the SVW. To do so, follow the below steps.
- Give a name to the new Realm and select the authentication that you will use. For local users authentication, users must be created in Auth.Servers -> Local
- Now go to Authentication Policy -> Host Checker, in the newly created realm and select the SVM parameters, as shown below. Select “Evaluate Policy” so that the actual authentication happens inside the SVW once the user tries to login.
- We now need to map this realm to a role. If you have a role then map it else create one ass shown below.
- Give a name to the role and enable the features that you want.
- In the newly created role, navigate to the part sh0wn and add the SVW host checker policy
- Now map this role to the created realm. In the Role Mapping option select “New Rule” to map a user to the role.
- Now create a new singin policy if required.
- Configure a URL for users to access. e.g:- https://securevpn.company.com/<new url>
- Select a sign-in page and select the previously created realm from the list of realms.
This will basically configure the SVW. You can fine-tune it further to your needs.