Juniper SA machine level VPN tunnel

posted 2 Nov 2016, 03:14 by Donald Ross
You can configure a machine-level VPN tunnel to be active when the user logs out.

Below is the sequence:

User boots up the laptop
Internet connectivity exists
User hasn’t logged on
Pulse client brings up a VPN tunnel in the machine context using machine certificates / machine credentials
An IT or SCCM admin can remotely connect back to the laptop, push updates, etc.
User hits CTRL+ALT+DEL and logs on to the domain, since the domain controller is reachable.
Once the user desktop is loaded and the user is within the user context, the VPN can be configured either to stay active on the machine tunnel or to drop the machine tunnel and reconnect using user credentials with 2FA etc. The VPN will be established.
User logs out of the workstation
Machine VPN becomes active

The VPN is always on in the above scenario, except when the user is on a trusted network (office location etc.).