


Traffic collection via VPN-tunnel (jflow or (R)SPAN)


Mathias1990
Contributor (11)
Jul 15, 2014 12:59am

Hi

First of all, I'm not sure if this is the right place to post. I apologize if I should have posted elsewhere.

I'm playing a bit with a design of an HQ with Juniper UAC and Endpoint Profiler. The endpoint profiler should profile devices at my branch and the Juniper UAC be used for VLAN-assignment etc. based on the chosen profile.

I have various options to collect the data centrally. DHCP is one thing. The DHCP-traffic can be forwarded from my branches by relaying it to the central EP via VPN.

If I need to profile based on things like port numbers, I would need to have my branch traffic forwarded to the HQ to be watched by Endpoint Profiler - either the NetWatch or NetRelay module.

Is there any limitation as to having Netflow / jflow data exported via VPN (would prefer this over exporting the data directly via internet)? For example, with Juniper SRX / EX switches but potentially also with switches or firewalls from other vendors like Cisco.

Could also set up some kind of TAP / SPAN but then I wouldn't have the sampling benefits of the flow technologies.

Any ideas?




kalagesan
Contributor (11)
Jul 15, 2014 11:51pm

Hi Mathias,

I understand your requirement.

I also believe that your requirement should be possible using UAC and Beacon Endpoint MAG SM360 profiler solution. I have seen customers profiling based on port numbers, MAC address etc.

However, I recommend you work with Juniper support on this, since it needs confirmation from GreatBay support, who are the OEM vendor for this profiler device.

Hope this should resolve your query.

Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudos will be a bonus, thanks!

Regards,
Kannan

    Mathias1990
    Contributor (11)
    Jul 16, 2014 12:22am

    Thanks for the reply.

    Would this be JTAC or an SE?

    See, this is still on the drawing board, so the hardware is yet to be bought.