Hi. As per Pulse 5.2R5 Client administration guide, the function of this feature is to disallow other network traffic outside the tunnel during VPN creation and stated that the lock-down option blocks nearly all network traffic, but there are exceptions for the minimum amount of traffic required to initialize network adapter such that a tunnel can be created. As such, traffic used to get IP addresses, hostnames, etc. (DHCP, DNS, etc.) are permitted even when the machine is locked down. I do not believe that it causes services to not start in the client and if so, we need to investigate that, and I recommend opening a support case if further testing confirms this undesired or unexpected behavior. The EAP-TLS issue may be normal due to the feature function, but please look further in to the admin guide. We have a KB that has some info about this feature: KB40363 - Behavior of "Lock Down this connection" (also known as Lock Down Mode)
... View more