Pulse 8.2 - configure limited VPN tunnel access from non work PC's

Occasional Contributor

Hi All,

I'm wondering if it's possible to configure the PS environment to allow full VPN tunnel access if the users are connecting from their corporate PCs and laptops but only allow limited VPN tunnel access (i.e. RDP via either VPN tunnel or resource profile) if they are connecting from other unknown PCs and laptops?

Is this simple/possible to configure?

Thank you
3 REPLIES
Moderator

Re: Pulse 8.2 - configure limited VPN tunnel access from non work PC's

Yes, it can be done.
You need two roles: one that allows full VPN tunnel access; one that allows only the subnet/ports you define on the VPN ACL and/or bookmarks for RDP.
You will create role mapping rules that send users to the different roles based on criteria you determine.
Occasional Contributor

Re: Pulse 8.2 - configure limited VPN tunnel access from non work PC's

Hi,

Thanks for the reply.

The users authenticate via AD accounts and they will be using the same accounts wherever they go, so I assume the PS device will need to decipher if they are on a "secure" device or not and then assign access accordingly.

I've had a look at Host Checker, but I think that's either just an allow or deny policy, right? Can you say, i.e., if they don't have these MAC addresses then only give them limited VPN tunnel access?

Thanks!
Contributor

Re: Pulse 8.2 - configure limited VPN tunnel access from non work PC's

If the corporate PCs are domain members, we typically check for the domain membership using registry key values or check for the device certificate if you are provisioning those to domain members. You do that using Host Checker, then assign the correct role based on the Host Checker result.