When setting up access to the SSL VPN - is only port 443 needed to be mapped inbound to the appliance? Or are 80, or others, needed?
The basic discussion is in KB10162. From the outside you must have 443 and should have 80 and 4500, with ICMP if you want to be able to use ping as part of your troubleshooting. Port 80 allows a friendly redirect for users. Port 4500 allows the connection to use ESP and be more efficient than SSL when it works for the client network.
If there is a firewall between the IVE and the internal AD you would reference KB21482 for the ports needed.
Thanks spuluka good info.
I have a public IP assigned to the external port and I can ping it, but I am unable to http or https to the unit....
Is there any way to tell if my http/https requests are hitting the public IP? Is there any place where I need to enable these ports to respond on the device? The external port is enabled.
Sounds like you are using a two arm deploy with dual DMZ?
My recollection is that by default the configuration is set up for one arm deploy.
SSL deploy options:
Have you created the sign in page for the external port or the virtual ports and sign-in page?
Once a page is assigned the associated IP address should auto-forward on 80 to 443 and display the SSL sign in page for that port.
Yes, setting it up two arm..... I'll check my sign-in pages to see if they are associated with external vs. internal ports, although I don't remember seeing this. Doesn't mean I didn't miss it. Thanks for the quick reply!
I just want to use the default sign-in */. On the Sign in policy page I have associated a realm to this. That's all I see really in the Signing In area. Over to the Sign in Pages, I didn't create anything here, just wanted to use the Default.
I don't see anywhere where you assign a sign-in policy or page to an interface.
Looks like it may have been a firewall issue!
Thank you for your quick replies!
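An added example, not part of the original thread: a small Python check, run from outside your own network against your appliance's public address, that separates the case seen above (ping works, HTTP/HTTPS does not) into "dropped by a firewall" versus "reached a host with nothing listening". The function names and hint texts are assumptions made for this illustration.

```python
import errno
import socket
import sys

# TCP ports named in the thread: 443 (required) and 80 (friendly redirect).
# Port 4500 carries ESP over UDP, which a TCP connect cannot confirm.
TCP_PORTS = (443, 80)


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connect attempt: open, refused, filtered, unreachable or error."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed, something is listening
    except ConnectionRefusedError:
        return "refused"           # RST came back from a host or a rejecting firewall
    except socket.timeout:
        return "filtered"          # silence: typically dropped by a firewall in the path
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"   # routing problem or ICMP unreachable from a filter
        return "error"


def diagnose(state):
    """Map a probe result to the next place to look (hints are editorial assumptions)."""
    hints = {
        "open": "port answers; check sign-in policy and page configuration",
        "refused": "traffic arrives but nothing listens; check the appliance port and service",
        "filtered": "no reply; check firewall or NAT rules in front of the appliance",
        "unreachable": "no route; check addressing and upstream routing",
    }
    return hints.get(state, "unexpected socket error; retry and capture packets")


def check_host(host, ports=TCP_PORTS, timeout=3.0):
    """Probe each port and return {port: (state, hint)}."""
    results = {}
    for port in ports:
        state = probe_tcp(host, port, timeout)
        results[port] = (state, diagnose(state))
    return results


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <public-ip-or-hostname>")
    for port, (state, hint) in check_host(sys.argv[1]).items():
        print(f"tcp/{port}: {state} - {hint}")
```

A "filtered" result on 443 while ping succeeds matches the outcome in this thread, where the cause turned out to be a firewall.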