Hope there are experts here that can shed some light. I was informed by one of the support engineers that, in order for the virtual appliance to work, all my public, private and management subnets need to have an internet gateway attached to them.
My intention for my private subnet is to have zero internet access, as it is a secure zone. The management subnet should also have zero internet access. The only subnet that I would be OK with having an internet gateway attached to is the public or DMZ subnet.
I am able to modify the CloudFormation script provided, but the appliance just doesn't work.
Any insights on why this is so?
From an older version (9.1r5) of the documentation (https://help.ivanti.com/ps/legacy/PCS/9.1Rx/9.1R5/ps-pcs-9.1r5-aws-deployment-guide.pdf):
"Each interface in AWS can have private and public IP addresses. Sample CloudFormation Templates provided by Pulse Connect Secure creates the Pulse Connect Secure Virtual Appliance with public and private IP addresses for external and management interfaces and only private IP address for internal interface"
However that version is no longer available in AWS Marketplace.
From a security standpoint, I don't think my CISO team will allow this at all, and we will likely have to move away from Pulse Connect Secure.
@keenhon It's not mandatory to have an IGW attached to all 3 NICs. Unfortunately, I have not used CF templates for creating instances in AWS, so I can't verify the changes that you made. However, I'm using launch templates within the EC2 dashboard to create a template with the latest PCS AMI and 2/3 NICs in the order eth0 (index 0) - internal, eth1 - external, eth2 - management interface; I assign an elastic IP to the NIC on the external port, create an instance from the template, choose HDD, network, etc., and I can access the admin UI through the private subnet after connecting to AWS using the Endpoint VPN or from other EC2 resources.
I'd expect the same to work for you if all network/SG-related settings are good. The IGW can be attached only to the external subnet, allowing Internet access only to the external port.
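The layout described in the reply above, as an added CloudFormation sketch that is not from the original thread or from Ivanti's sample templates: the IGW default route exists only on the external (DMZ) subnet's route table, the internal and management subnets share a route table with no IGW route, and the three ENIs are attached as eth0/eth1/eth2 with the elastic IP on eth1. Subnet, security group, AMI and instance type IDs are assumed to be passed in as parameters (placeholders, not values from the page).

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:          { Type: AWS::EC2::VPC::Id }
  ExternalSubnet: { Type: AWS::EC2::Subnet::Id }   # DMZ: gets the IGW route
  InternalSubnet: { Type: AWS::EC2::Subnet::Id }   # private: no IGW route
  MgmtSubnet:     { Type: AWS::EC2::Subnet::Id }   # management: no IGW route
  ExternalSg:     { Type: AWS::EC2::SecurityGroup::Id }
  PrivateSg:      { Type: AWS::EC2::SecurityGroup::Id }
  PcsAmi:         { Type: AWS::EC2::Image::Id }    # placeholder: PCS AMI from Marketplace
  InstanceType:   { Type: String }                 # placeholder: a PCS-supported size
Resources:
  Igw:        { Type: AWS::EC2::InternetGateway }
  IgwAttach:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties: { VpcId: !Ref VpcId, InternetGatewayId: !Ref Igw }
  ExternalRt: { Type: AWS::EC2::RouteTable, Properties: { VpcId: !Ref VpcId } }
  ExternalDefaultRoute:       # the only 0.0.0.0/0 -> IGW route in the template
    Type: AWS::EC2::Route
    DependsOn: IgwAttach
    Properties: { RouteTableId: !Ref ExternalRt, DestinationCidrBlock: 0.0.0.0/0, GatewayId: !Ref Igw }
  ExternalRtAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: { SubnetId: !Ref ExternalSubnet, RouteTableId: !Ref ExternalRt }
  PrivateRt:  { Type: AWS::EC2::RouteTable, Properties: { VpcId: !Ref VpcId } }  # local route only
  InternalRtAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: { SubnetId: !Ref InternalSubnet, RouteTableId: !Ref PrivateRt }
  MgmtRtAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: { SubnetId: !Ref MgmtSubnet, RouteTableId: !Ref PrivateRt }
  InternalEni:   # eth0 - private IP only
    Type: AWS::EC2::NetworkInterface
    Properties: { SubnetId: !Ref InternalSubnet, GroupSet: [ !Ref PrivateSg ] }
  ExternalEni:   # eth1 - the only interface reachable from the Internet
    Type: AWS::EC2::NetworkInterface
    Properties: { SubnetId: !Ref ExternalSubnet, GroupSet: [ !Ref ExternalSg ] }
  MgmtEni:       # eth2 - admin UI reached over VPN / from other EC2 resources
    Type: AWS::EC2::NetworkInterface
    Properties: { SubnetId: !Ref MgmtSubnet, GroupSet: [ !Ref PrivateSg ] }
  ExternalEip:   { Type: AWS::EC2::EIP, Properties: { Domain: vpc } }
  ExternalEipAssoc:
    Type: AWS::EC2::EIPAssociation
    Properties: { AllocationId: !GetAtt ExternalEip.AllocationId, NetworkInterfaceId: !Ref ExternalEni }
  Pcs:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref PcsAmi
      InstanceType: !Ref InstanceType
      NetworkInterfaces:          # DeviceIndex fixes the eth0/eth1/eth2 order
        - { NetworkInterfaceId: !Ref InternalEni, DeviceIndex: 0 }
        - { NetworkInterfaceId: !Ref ExternalEni, DeviceIndex: 1 }
        - { NetworkInterfaceId: !Ref MgmtEni,     DeviceIndex: 2 }
```

A quick check after deployment is to confirm that only the external subnet's route table carries a 0.0.0.0/0 entry pointing at the IGW; any such route on the internal or management route table would give those zones Internet exposure.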