Updated for Catalina (Developer Preview)
This is a 32-bit application, and (as expected, and documented in this post in 2017) no longer runs on macOS Catalina. A bug is open for this, but because the product is in maintenance mode, it is not clear whether the time required to fix this issue will be available. Users of Network Connector should investigate alternative VPN options; either IPsec on their legacy SSL VPN appliance, or migrating to the newer CloudGen Firewall and using the Barracuda VPN Client to form a TINA connection. TINA is the preferred option as the Firewall is the more future-proof product and TINA offers advantages over both Network Connector and IPsec.
Alternatively, if there is no other option, you can use a third-party client called TunnelBlick - documentation on how to do this will follow.
Touch Bar models
The issue still remains with Touch Bar models of MacBook Pro, where the SSL VPN Agent cannot run in either the Standalone or web version. This is an unfortunate situation where these models were not shipping at the time we moved the product into maintenance mode, and they fell on the wrong side of that cut off date. A ticket is open, but this issue is unlikely to be fixed. As above, the migration path is towards the CloudGen Firewall product, and CudaLaunch (which is the Firewall equivalent of the SSL VPN Agent, but is NOT reliant on Java and has no issues with the Touch Bar on laptops that have one)
Notes for Mojave
Java in Safari 12 and above
Safari 12 or higher will no longer run the Java plugin. This means that on macOS all browser-based SSL VPN Agent resources are unusable, including (but not limited to)
- Tunnelled Web Forwards
- SSL Tunnels
- Applications such as Remote Desktop
- Agent-based NAC
If you rely on this functionality, you must make sure to investigate the Standalone SSL VPN Agent option before you or your users begin to upgrade to Mojave or higher. My testing with the Standalone SSL VPN Agent proved successful, including launching RDP which was often not working in High Sierra.
Network Connector still has the same caveat as High Sierra - when you make your first Network Connector connection, you will get a warning about the kernel module needing to be improved. You MUST open the Preferences applet and accept this change within 30 minutes otherwise the operating system removes this option and makes it far more complicated to make the exception, and potentially impossible for end users to do themselves. There is also a warning that Network Connector is a 32-bit application, which is true, but it still works well. The known issue that potentially causes network issues after disconnecting Network Connector still exists, for which there is a workaround on this forum.
Since my original post it has been publicised that macOS Mojave is the last version which will support 32-bit applications. This means that Network Connector in its current form will stop working on the next major release of macOS (10.15, name TBA). As this is not a security vulnerability, no commitment has been made thus far to creating a new release of Network Connector.
Notes for High Sierra or older
Java in Safari on High Sierra (10.13)
Safari is the only macOS browser which can still run Java applets. More steps are now needed to allow the plugin to run in Unsafe Mode, in order to allow it to download files. See the post below for more information. This is a new operating system restriction with no automatic fix available from Barracuda.
Network Connector on High Sierra (10.13)
The kernel level driver used by Network Connector is now subject to the new kernel security mechanisms in High Sierra (https://developer.apple.com/library/content/technotes/tn2459/_index.html). Network Connector can still be used, however immediately after installing/running it the first time, a security prompt must be manually accepted in System Preferences. See the post below for more information. This is a new operating system restriction with no automatic fix available from Barracuda.
SSL VPN Agent on MacBook Pro models with Touch Bar
These are unsupported by the SSL VPN Agent (neither the web Agent, nor the Standalone Agent). There is an issue with the use of a particular Java library and the Touch Bar (this affects other Java-based applications including Eclipse). There is a bug ticket open for this, but as it is not a security vulnerability, this is not being considered for a fix while the product is in maintenance mode.
Launching RDP from the SSL VPN Agent
There is an issue with fully updated systems (macOS 10.13.1, Java 8u151) where RDP connections cannot be automatically launched anymore. The SSL Tunnel opens correctly and an RDP connection can still be launched manually, but it appears that the operating system now further sandboxes Java processes such that they cannot launch applications in the user's session, the app has to be launched by the user themselves. A bug ticket is open and this is still under further investigation, potential workarounds include launching the Remote Desktop client manually, or using IPsec/Network Connector to open a traditional network connection.