
Block anyconnect

New Contributor


So we are going to implement host checking in Pulse Secure. The problem is we have some people using Linux and AnyConnect to connect to the VPN. For some reason AnyConnect doesn't trip the Host Checker part. Is there a way to make AnyConnect trigger Host Checker, or to block AnyConnect from connecting? Both solutions would work.

2 REPLIES
Pulser

Re: Block anyconnect

Hello @tmolleck

If you are going to block users that use AnyConnect, this will work. You can implement a policy to block AnyConnect services. You can also give those users a different role. Below is a KB on how to configure the process-based policy for Host Checker.

If a realm or role is configured with a host check for the mcafee.exe process, every time a client connects to PCS/PPS, the end user computer's memory is inspected for the mcafee.exe process. Host Check will pass only if this process is running. You can also deny if the process is running.

https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB22348

Let us know if you have any more questions.

Thank you!

Moderator

Re: Block anyconnect

I believe it's the OpenConnect client that can be used to connect to a Pulse Secure server from a Linux machine, not Cisco's AnyConnect! Is that correct?

One setting I know of that does this type of blocking is the browser (user agent) based restriction enforced on the user realm.

For example, you can configure the user agent string as *Pulse-Secure*.

Under Users --- User realms --- Authentication policy --- Browser --- enter the Pulse Secure client string --- Allow. This prevents all clients except the Pulse client, including web browsers and the OpenConnect client, from connecting to the VPN.

Note: If we can pass a custom user agent such as Pulse-Secure on connections initiated by the OpenConnect client, which potentially masquerades those connections as coming from the Pulse Secure client, then the realm-level restrictions will not work. Keep that in mind.
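
The following is an added example, not code from the thread or from Pulse Secure: a simplified model of the `*Pulse-Secure*` browser restriction combined with a Host Checker result, showing why the user agent match alone cannot be the deciding control. The rule semantics (first match wins, default deny), the session field names and the user agent strings are all assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

# Ordered (pattern, action) rules; first match wins. Simplified model of a
# realm-level browser restriction, not Pulse Secure's actual implementation.
RULES = [("*Pulse-Secure*", "allow"), ("*", "deny")]


def ua_decision(user_agent, rules=RULES):
    """Return the action of the first rule whose wildcard pattern matches."""
    for pattern, action in rules:
        if fnmatchcase(user_agent or "", pattern):
            return action
    return "deny"  # assumed default when no rule matches


def admit(session, rules=RULES):
    """Admit only when the UA rule allows AND Host Checker actually passed.

    The User-Agent is supplied by the client, so it is treated as a hint;
    the host-check result is the control that has to hold.
    """
    if ua_decision(session.get("user_agent"), rules) != "allow":
        return False, "user agent not allowed"
    if session.get("host_check") != "pass":
        return False, "host check missing or failed"
    return True, "ok"


# Constructed sample sessions (field names and UA strings are hypothetical).
SESSIONS = [
    {"user": "alice", "user_agent": "Pulse-Secure/0.0 (constructed)", "host_check": "pass"},
    {"user": "bob", "user_agent": "Mozilla/5.0 (constructed browser)", "host_check": None},
    {"user": "carol", "user_agent": "ExampleVPNClient/1.0 (constructed)", "host_check": None},
    # Client that merely declares the allowed string but never ran Host Checker.
    {"user": "dave", "user_agent": "Pulse-Secure (constructed, self-declared)", "host_check": None},
]


def review(sessions):
    """Map each user to (UA-only decision, admitted?, reason)."""
    return {s["user"]: (ua_decision(s["user_agent"]),) + admit(s) for s in sessions}


if __name__ == "__main__":
    for user, result in review(SESSIONS).items():
        print(user, result)
```

A session whose user agent rule says "allow" but which has no passing host check is also the pattern worth alerting on when reviewing access logs.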