When working as designed, the Pulse Secure clients should revert from ESP to SSL only if the ESP (UDP) connection fails consistently. More specifically, there are timeout/heartbeat mechanisms that ensure that UDP packets are being transmitted properly; if this mechanism indicates a failure for more than 75 seconds, then the tunnel will revert from ESP to SSL.
So, the first step would be to see whether there is anything in the networking substrate that might cause the blockage of UDP packets after an hour. Perhaps a network-node change, like a firewall or router? There have been cases in the past of customers incorrectly configuring load-balancing or other clusters of Pulse gateways, and this can cause packet loss. You may need to consult your system administrator to see whether these apply to you.
If the network substrate can be ruled out as a cause, then you may want to contact Pulse Secure's Global Support Center for more information:
If you do, you may want to reference ticket PRS-324375.