cancel
Showing results for 
Search instead for 
Did you mean: 

Network Level Authentication (NLA) Support

arnert
Occasional Contributor

Network Level Authentication (NLA) Support

As the result of the lastest exploits. Some hardened and newer windows versions are requiring NLA to login with smartcards (PIV) or tokens for Remote Desktop Access. What is Pulse Secure official position on this? Other vendors are having similar issues with NLA not working for them. F5 - VMWare and others.

KB21244 - NLA (Network Level Authentication) is not supported via Terminal Services (Windows Server ...

Also when will HTML5 TS support smartcard logins? This is a huge issue in the goverment space?

3 REPLIES 3
zanyterp
Moderator

Re: Network Level Authentication (NLA) Support

Can you test with 9.1R1, please? There is a new option in the terminal service bookmark that allows smart cards with NLA.
I would recommend working with your account team to get an enhancement request in for HTML5 support of smart cards. This will allow the product management team to be aware of the customers that require this.
arnert
Occasional Contributor

Re: Network Level Authentication (NLA) Support

Ok - we are on release 9.1 R11.5 - We are using client certificates on a smartcard(s) to login and access IVE bookmarks now currently - This works currently just fine additionally on the backend we are using KCD with Microsoft Application(s) bookmarks (IIS/SPS) . It works -- Question - PulseSecure support natively HTML5 (Guac) RDP access using MS Kerberos? Can the web server proxy this as of 2021?  Yes or No - and if not what is the limitation. Can do this with standalone apache and HTLM5 (Guac) ? Please advise.

r@yElr3y
Moderator

Re: Network Level Authentication (NLA) Support

@arnert If your ask is whether HTML5 RDP access works using AD authentication, then yes, it'll work. Try adding the <NTDOMAIN> variable or <static domain name value>\<USERNAME> as the template for username.

PCS Expert
Pulse Connect Secure Certified Expert