cancel
Showing results for 
Search instead for 
Did you mean: 

Pulse Secure behind Load Balancer

New Contributor

Pulse Secure behind Load Balancer

Hi Guys,

I have a cluster a of MAG-4610 in active/active mode behind a cluster of Load Balancer (A-10 Networks).
I'm running version: 8.0R10
Acessing the Cluster of Pulse Secure through HTTPS directly or connecting using the Network Connect Client works perfectly.
But trying to connect using Pulse Secure Windows Client doesn't. It used to work when the Cluster of Pulse Secure was connected directy to the firewall.
Now that it is connected through our Load Balancer it doesn't work anymore.
We use 2 Form Factor Authentication on the Pusle Gateway (Firts against LDAP and Second agains Radius/OTP).
I noticed that accessing the Pulse Secure Gateway directly or using Network Connect provide me a "Web Page" asking for: Username / Static Password / One Time Password, while using Windows Pulse Secure Client, first ask me for my Username / Static Password and then prompt me for the One Time Password,
On the load balancer, I just load balanced HTTPS protocol with source IP persistance.

Does anyone have ideas why the Windows Pulse Secure Client doesn't connect any more ?
It doesn't even prompt me for the Username / Static Password.

Also notice that, I used wireshark on the Windows Client, and I can see the certificate being delivered to the Windows Client, and then nothing more.
Are there any port to open on the firewall ?

Thanks and Best Regards,
Jean-Christophe
3 REPLIES 3
Moderator

Re: Pulse Secure behind Load Balancer

TCP 443 & UDP 4500 need to be opened on the firewall & load balancer (unless you are doing only SSL transport for the VPN tunnel)
Is the load balancer terminating the session or is it sending the request to the physical appliance hosting the user sessions?
When you do a TCP dump on the client, load balancer, and both PCS appliances, do you see the request from the client make it to the load balancer and then show up on one of the appliances (and maintain persistence to the same appliance to complete secondary auth)?
New Contributor

Re: Pulse Secure behind Load Balancer

Hi,
Sorry for the very late answer.
I had to change the from Layer 7 (HTTPS) to Layer 4 (TCP/443) and everything worked perfectly.

Thanks & Best Regards,
Jean-Christophe Valiere
Moderator

Re: Pulse Secure behind Load Balancer

Glad to hear it is working now