Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Access Management problems

SOLVED
Go to solution
tony.f
Occasional Contributor
‎01-10-2019 03:47:AM
‎01-10-2019 03:47:AM

Access Management problems

Hello all,

 

So I'm new to Pulse, and I'm trying to configure and test basic access management scenarios.

I want for instance to restrict SSH access to a certain ressource.

I allowed Telnet/SSH on the role level, but I specified a Resource Policy that denies access to the resource.

But when I test this, I can still access the resource!! Even when I disable Telnet/SSH on the entire role, SSH works fine!! Should I reboot my PCS appliance for changes to take effect? I logged off and signed on after making changes with the proper user that is mapped to this role without any change...

If I'm not connected to this tunnel, there's no way to access resources! So there's no a chance PCS is denying my SSH traffic but another VPN is transmitting it!

Am I missing something??

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
flipPipe
Frequent Contributor
‎01-10-2019 06:20:AM
‎01-10-2019 06:20:AM

Re: Access Management problems

Hi,

 

I did not understand what you what to make.

 

There is two types of access you can control in PCS. One is the services provided for the web browser and the other to the VPN client it self.

 

When you allow a service at the role level, it is for the browser, except "VPN Tunneling" which allow for a user in that role to use the VPN client.

So, if at a role level, you enable feature "Telnet/SSH", you are allowing a user to use the builtin ssh/telnet web client in the browser and are controlled by a "Telnet/SSH Policies"

If you need a user, access via SSH to some machine via VPN Client, the you should activate the feature "VPN Tunneling" and create a " VPN Tunneling Access Control"

 

And these policies are distinct from each other. Ie, if you configure something in "Telnet/SSH Policies" they will not be translated for the VPN client accesses.

 

If I recall correctly, in a new installation of PCS, all policies are in allow mode, double check if they are active or not.

View solution in original post

1 REPLY 1
flipPipe
Frequent Contributor
‎01-10-2019 06:20:AM
‎01-10-2019 06:20:AM

Re: Access Management problems

Hi,

 

I did not understand what you what to make.

 

There is two types of access you can control in PCS. One is the services provided for the web browser and the other to the VPN client it self.

 

When you allow a service at the role level, it is for the browser, except "VPN Tunneling" which allow for a user in that role to use the VPN client.

So, if at a role level, you enable feature "Telnet/SSH", you are allowing a user to use the builtin ssh/telnet web client in the browser and are controlled by a "Telnet/SSH Policies"

If you need a user, access via SSH to some machine via VPN Client, the you should activate the feature "VPN Tunneling" and create a " VPN Tunneling Access Control"

 

And these policies are distinct from each other. Ie, if you configure something in "Telnet/SSH Policies" they will not be translated for the VPN client accesses.

 

If I recall correctly, in a new installation of PCS, all policies are in allow mode, double check if they are active or not.

© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.