Is there anybody who uses latest Junos (15.1X49-D120) on SRX3XX series and has dynamic VPN working with latest Pulse Secure Desktop Client (5.3.4)?
I was following this guide https://www.juniper.net/documentation/en_US/junos/topics/example/vpn-security-dynamic-example-configuring.html with no success.
According to this forum thread https://community.pulsesecure.net/t5/Pulse-Desktop-Clients/Juniper-owners-how-to-get-client/td-p/9318 Pulse clients >= 5.2 should not work with SRX but there is still option to configure SRX connection in latest Pulse clients.
Traceoptions for ike and dynamic-vpn doesn't help. Firewall sends TCP FIN immediately after SSL Client Hello from Pulse Client. Web interface of the firewall is accessible via HTTPS from Internet and properly displays the message "Please obtain the Pulse Client from the Pulse Website". Firewall is using system-generated-certificate, but Pulse Client does not even ask me to accept untrusted certificate.
I am aware of the possibility tu use NCP client. I have already tested this option and it works fine. But our employees use Pulse Client for regular VPN access with MAG appliance and it wouldn't be convenient to buy and use another VPN client.
I would appreciate any suggestions
My friend at Juniper solved the issue (all credits goes to K.H.):
Pulse Client on Windows 7 tries TLS 1.0 connection and it is not supported on latest Junos releases any more.
It's necessary to apply following fix: https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in