We have a customer that requires us to connect to their network through their web portal running "Pulse Connect Secure". Once I authenticate I'm able to connect to our devices on our network.
I'm used to "traditional" VPN clients where once I log in with a username/password I get an IP address, subnet mask, gateway, and a route added to my machine. This isn't happening when I log into their Pulse Connect Secure web portal, yet I'm still able to connect to our devices on their network with Microsoft RDP.
How does this wizardry work? I've been trying to find some high-level technical details by searching on Google but I'm not finding much. Can anyone throw some knowledge my way? Maybe some terms I can search for that will explain how this magic works? The only thing I can think of is that the .exe application that loads on my machine redirects the traffic to their network, but how does that .exe intercept the network traffic of mstsc.exe? Is it a TCP wrapper of sorts?
Pulse Connect Secure authorizes the resources that are accessed by users through an extranet session hosted by the appliance. Pulse Connect Secure intermediates the data that flows between external users and the company’s internal resources to provide robust security. During the process of intermediation, the PCS receives secure requests from the external, authenticated users and makes the request to the internal resources on behalf of the users. By intermediating, the need to deploy extranet toolkits in traditional demilitarized zones (DMZ) or provision a remote access VPN for employees is eliminated.
You can also find a diagram of this flow for your reference:
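The intermediation pattern described in the answer, as an added example that is not Pulse Connect Secure code and not part of the original posts: a gateway authorizes a (user, host, port) request, opens the connection to the internal resource itself, and relays bytes, so the client only ever holds a TCP connection to the gateway and needs no IP address or route on the internal network. The one-line header protocol, the policy dictionary and the upper-casing stand-in resource are assumptions made for the demonstration.

```python
import contextlib, socket, threading

def serve(handler):  # listen on an ephemeral loopback port, one thread per connection
    srv = socket.create_server(("127.0.0.1", 0))
    def loop():
        while True:
            threading.Thread(target=handler, args=(srv.accept()[0],), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def read_line(conn):  # read the newline-terminated header without consuming payload
    buf = b""
    while not buf.endswith(b"\n") and (chunk := conn.recv(1)):
        buf += chunk
    return buf.decode().strip()

def pipe(src, dst):  # copy bytes one way until src reaches EOF, then half-close dst
    with contextlib.suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)

def internal_resource(conn):  # constructed stand-in for an internal host (e.g. RDP)
    with conn:
        while data := conn.recv(4096):
            conn.sendall(data.upper())

def make_gateway(policy):  # policy: user -> set of (host, port) the user may reach
    def handle(conn):
        with conn:
            user, host, port = read_line(conn).split()
            if (host, int(port)) not in policy.get(user, set()):
                return conn.sendall(b"DENIED\n")  # authorization is enforced here
            with socket.create_connection((host, int(port))) as upstream:
                conn.sendall(b"OK\n")  # the gateway, not the client, opened this session
                back = threading.Thread(target=pipe, args=(upstream, conn))
                back.start()
                pipe(conn, upstream)
                back.join()
    return handle

def request(gw_port, user, host, port, payload):  # client: talks to the gateway only
    with socket.create_connection(("127.0.0.1", gw_port)) as s:
        s.sendall(f"{user} {host} {port}\n".encode())
        if read_line(s) != "OK":
            return None
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        return b"".join(iter(lambda: s.recv(4096), b""))
```

Start the stand-in resource and the gateway with `serve(internal_resource)` and `serve(make_gateway(policy))`, then call `request(...)`; a user or destination missing from the policy gets `None` because the gateway never opens the upstream connection.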