Manual Chapter: FirePass® Controller version 5.5 Administrator Guide: Using Macintosh or Linux clients with FirePass Controller

Chapter 11: Using Macintosh or Linux clients with FirePass Controller


Using Macintosh and Linux clients with FirePass controller

The FirePass controller includes Network Access support for remote Macintosh® and Linux® clients, so you can use the FirePass controller for secure remote access in mixed-platform environments. As with the Windows platform support, you do not need to preinstall or preconfigure any client software when using FirePass controller with Macintosh and Linux systems.

Introducing supported Network Access features

All of the primary Network Access features are supported on Macintosh and Linux clients. For a list of Network Access features, see Configuring Network Access resource group settings, on page 5-19. The FirePass controller does not support Drive Mappings or Policy Checks features on Macintosh and Linux systems.

For more information about Network Access and configuring Network Access features, see Chapter 5, Configuring Network Access.

Features supported on Macintosh and Linux clients include:

  • Secure remote access to your internal network, with support for IP-based applications.
  • Split tunneling, so only network traffic that you specify goes through the Network Access connection.
  • Packet-based and group-based IP filtering, giving you the ability to restrict groups of users to specific addresses, ranges of addresses, and ports.
  • Compression, to reduce the amount of traffic passing between the remote client and your internal network.
  • Application launching.
    You must configure the starting of remote client applications based on the operating system on the remote computers. You can configure all other features independent of the remote client operating systems. For details, see Configuring the starting of applications on Macintosh or Linux clients.

Using Macintosh clients

The FirePass controller, version 5.5, has been verified for use with the Macintosh platforms listed in Table 11.1, following.

Table 11.1 Macintosh Network Access compatibility

| OS X version | Browser version | Java version | Auto install |
|--------------|-----------------|--------------|--------------|
| 10.4.2       | Safari 2.0      | 1.4.1        | ok           |
| 10.4.2       | Mozilla 1.7.8   | 1.3.1        | no support   |
| 10.4.2       | FireFox 1.0.6   | 1.3.1        | no support   |
| 10.3.9       | Safari 1.2      | 1.4.1        | ok           |
| 10.3.9       | Mozilla 1.7.8   | 1.3.1        | no support   |
| 10.3.9       | FireFox 1.0.6   | 1.3.1        | no support   |
| 10.2.8       | Mozilla 1.7.8   | 1.3.1        | no support   |

Using Linux clients

The FirePass controller, version 5.5, has been verified for use with the Linux platforms listed in Table 11.2, following.

Table 11.2 Linux Network Access compatibility

| Linux version         | Browser version                  | Auto install |
|-----------------------|----------------------------------|--------------|
| Redhat 9.0            | Mozilla 1.7.11 and Mozilla 1.7.8 | ok           |
| SuSe 9.3 Professional | FireFox 1.0.1 and Mozilla 1.7.5  | ok           |
| SuSe 9.2 Professional | FireFox 1.0 and Mozilla 1.7.2    | ok           |
| SuSe 9.1 Professional | Mozilla 1.7.2                    | ok           |
| SuSe 9.0 Professional | Mozilla 1.4                      | ok           |
| Fedora Core 4         | FireFox 1.0.4                    | ok           |
| Fedora Core 3         | FireFox 1.0                      | ok           |
| Fedora Core 2         | Firefox 1.0.6 and Mozilla 1.7    | ok           |
| Debian® 3.1r0         | Mozilla 1.6                      | ok           |
| TurboLinux® Desktop 10 | Mozilla 1.4                     | ok           |
| Slackware 10.1        | Mozilla 1.75                     | ok           |

Configuring the starting of applications on Macintosh or Linux clients

The launch application feature specifies a client application that starts when the client begins a Network Access session. You can use this feature when you have remote clients who routinely use Network Access to connect to an application server, such as a mail server.

To configure the start of applications for Macintosh and Linux clients

  1. In the navigation pane, click Network Access.
    The Network Access Client Settings screen opens.
  2. From the For the group list (above the tabs), select the group for which you are configuring application launch settings.
    The screen refreshes to display the information for the group you selected.
    Note: The group must already exist in order to configure Network Access for that group. For information on creating groups, see Managing user information in an external data store, on page 2-6.
  3. Click the Launch Application tab near the top of the screen.
    The Launch Applications screen opens.
  4. In the App Path box, type the path of the application.
    For example:
    • For Macintosh, type open.
    • For Linux, type /usr/bin/mozilla.
  5. In the Parameters box, type any parameters you want to include.
    For example:
    • For Macintosh, type /Applications/ie.app http://www.f5.com.
    • For Linux, type http://www.f5.com.
  6. From the OS list, select an option.
    • For Macintosh, select Mac.
    • For Linux, select UNIX.
  7. Click Add to add the configuration.
    When remote users in the group make a Network Access connection, the application you configured starts automatically.

Installing the client on Macintosh and Linux systems

The first time a remote user starts Network Access, the FirePass controller downloads a client component. This client component is designed to be self-installing and self-configuring, but the browser must meet one requirement: on Macintosh systems, Java must be enabled in the user's browser; on Linux systems, the user must run Mozilla or Firefox so that the plugin can be installed.

If the browser does not support this requirement, the FirePass controller prompts the user to download the controller client component from the controller and install it manually. Users can find instructions on downloading the components manually on the Network Access Help page, available on their webtop after they log on to the FirePass controller.

Important

The remote user must have superuser authority, or must be able to supply an administrative password in order to successfully install the Network Access client.

Both Macintosh and Linux systems must also include PPP support (this is most often the case). When the user runs the Network Access client and makes a connection for the first time, the client detects the presence of pppd (the point-to-point protocol daemon), and determines whether the user has the necessary permissions to run it. If pppd is not present, or if the user does not have permissions needed to run the daemon, the connection fails.
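The pppd check described above can be run ahead of time on a client, before the first connection attempt. The following script is an added example, not FirePass code: the function names are hypothetical, and the search directories and the rule that pppd must either be run by root or be installed setuid are assumptions about a typical pppd installation.

```shell
#!/bin/sh
# Added example, not FirePass code. Search directories and the
# "root or setuid" rule are assumptions about a typical pppd install.
PPPD_DIRS="/usr/sbin:/sbin:/usr/local/sbin:${PATH}"

# find_pppd [DIRS]: print the first regular file named pppd found in the
# colon-separated directory list; return 1 if there is none.
find_pppd() {
    (
        set -f      # no globbing while the list is split
        IFS=:
        for d in ${1:-$PPPD_DIRS}; do
            if [ -n "$d" ] && [ -f "$d/pppd" ]; then
                printf '%s\n' "$d/pppd"
                exit 0
            fi
        done
        exit 1
    )
}

# pppd_status PATH [UID]
#   0 usable   1 missing   2 not executable by the calling user
#   3 executable, but the caller is not root and the binary is not setuid
pppd_status() {
    bin=$1
    uid=${2:-$(id -u)}
    if [ -z "$bin" ] || [ ! -f "$bin" ]; then return 1; fi
    if [ ! -x "$bin" ]; then return 2; fi
    if [ "$uid" -ne 0 ] && [ ! -u "$bin" ]; then return 3; fi
    return 0
}

# preflight [DIRS] [UID]: print a one-line verdict and return the status.
preflight() {
    bin=$(find_pppd "$1") || { echo "pppd not found (see error code 41)"; return 1; }
    rc=0
    pppd_status "$bin" "$2" || rc=$?
    case $rc in
        0) echo "ok: $bin" ;;
        1) echo "$bin: disappeared during the check" ;;
        2) echo "$bin: no execute permission for this user" ;;
        3) echo "$bin: caller is not root and pppd is not setuid" ;;
    esac
    return "$rc"
}
```

Calling preflight with no arguments checks the default directories for the current user; a non-zero status predicts the connection failure described above.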

After installation, the Macintosh client must restart the browser before launching Network Access.

Note

If you have a firewall enabled on your Linux system, you need to enable access on IP address 127.0.0.1 port 44444.

Understanding Network Access error messages on Macintosh or Linux clients

Macintosh or Linux clients might receive error messages while working with a Network Access connection. Table 11.3, following, lists the error codes, describes what each one means, and gives recommendations for resolving the error where available.

Table 11.3 Network Access error codes on Linux or Macintosh clients

| Error code | Meaning |
|------------|---------|
| 1  | Another Network Access client is already running. The client is either running or is in its shutdown stage. Wait a few seconds, and try connecting again. |
| 2  | Invalid version format |
| 3  | Control channel timeout on wait state during handshake |
| 4  | Null input received by control channel |
| 5  | Control channel timeout while in session |
| 6  | Unrecognized command from control channel while in session |
| 7  | Unrecognized command from control channel during handshake |
| 8  | Deadlock detected while acquiring lock |
| 9  | Unrecognized command from plugin during handshake |
| 10 | Invalid command for handling bytes transmitted |
| 11 | Invalid command for handling bytes received |
| 12 | Control channel does not receive initial handshake |
| 13 | Network Access client does not start |
| 14 | Timeout on reading initial configuration from the FirePass controller |
| 15 | Invalid format on parameters from the FirePass controller |
| 16 | Invalid local IP address on parameters from the FirePass controller |
| 17 | Invalid local port on parameters from the FirePass controller |
| 18 | Invalid session ID format on parameters from the FirePass controller |
| 19 | No session ID was specified |
| 20 | Cannot resolve the FirePass controller IP address |
| 21 | The FirePass controller IP address was not specified |
| 22 | Control channel socket error |
| 23 | Control channel does not respond to default command |
| 24 | Control channel hangs on disconnection or does not respond |
| 25 | Unrecognized command from plugin while in session |
| 26 | Control channel window timeout |
| 27 | PPP daemon or the FirePass controller file descriptors have changed |
| 28 | SSL handshake with the FirePass controller failed |
| 29 | No DNS server was specified |
| 30 | Timeout while receiving command from plugin |
| 31 | Timeout while sending information to plugin |
| 32 | Signal caught |
| 33 | Invalid remote IP address on parameters from the FirePass controller |
| 34 | Timeout while writing to Network Access tunnel. Possible network reconfiguration caused the connection to the FirePass controller to drop. |
| 35 | Timeout while reading from PPP daemon |
| 36 | Timeout while writing to PPP daemon |
| 37 | Timeout while reading from Network Access tunnel |
| 38 | Network Access client initialization error |
| 39 | Invalid split tunneling settings on parameters from the FirePass controller |
| 40 | Timeout while starting PPP daemon |
| 41 | PPP daemon does not exist on the host system. Verify that PPP daemon is installed or has been installed at the non-standard location. |
| 42 | Cannot open pseudo terminal |



