We have the following need:
Case 1: The client is connected to the company LAN and connects to an internal VPN server. All traffic is routed via the VPN and only a few services are allowed. Works fine.
Case 2: If the client connects to a NON-company network, for example a private router, the connection should be locked down and only a few targets should be reachable (we define them in the "Lockdown mode exception rules" section).
We are using "Location awareness rules" to check whether the client is connected to the company network or not (we use the action "Resolve address").
Lockdown mode works fine if the Pulse Secure Client is currently initiating the VPN connection, but lockdown mode is disabled if the Pulse Secure Client is idle (does not need to connect, because it is NOT on the company network).
As I see in the manual, this is expected behavior:
"...because Lock-down mode prohibits connectivity only when the Pulse client is in the process of creating a network connection...".
The only solution I found is to delete the location awareness rule check, so the Pulse Secure Client continuously tries to connect to the VPN. But this is not a clean solution in my eyes...
Does anyone have a better idea how to stay in lockdown mode until the client is connected to the company network?
That was my understanding of lockdown mode, but in my config the blocking is only really executed when the Pulse Secure Desktop Client says "Connecting....".
Before the "Connecting" state all traffic is allowed, not only the traffic I allow via the exception rules.