you should not see anything imported from the system.cfg; to see changes, you will need to import the user.cfg. the user.cfg has realms, roles, ACLs, and all the configuration that you do not want to lose ... View more

Thanks that is what needed.    Cheers      Turf ... View more

@DerFalk, thank you for the update i am sorry to hear it continues to not function as desired/expected on 9.1R12 for you. if you have not done so, please open a case with our support team ... View more

If the connections were configured and they randomly disappear, where could we check to see why they disappeared? ... View more

I realise this is an old post but I just wanted to add some comments on how we fixed this error message. This is the error message that we received when we hadn't turned on Remote Desktop in Windows 10. Once we did this the connection went through fine. ... View more

We have the same issue in our system now. Every 20 minutes the system disconnects us. Did someone has a solution for this issue. Thanks in advanced!!! ... View more

Hey i seem to be having this same issue but i am trying to find users to make the adjustments as you were saying but cannot find it anywhere on the pulse ... View more

Our users do not have admin privs and we have found that Pulse Secure does not maintain a VPN connection when switch user is used, but Network Connect does maintain the VPN connection.   We don't normally have to switch user as admin elevation works for most things (Win 10 Pro), but not for appwiz.cpl (programs and features). ... View more

I don't think Mojave supports editing these parameters through sysctl.conf file anymore.   Couple of pointers: 1. Review the Pulse client logs to see if you are running into the issue highlighted in https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40117 Do you see the exact log entries mentioned in the KB?   2. 1205 is a generic error indicating that the pulse client was unable to create a virtual adapter on your machine which is necessary for VPN functionality, please see if the pulse client logs provide any clues around why it is failing (KB40117 is just one of the causes for 1205) Another one that I recently have seen is this https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43929    3. Ensure you are using a version of pulse client that is compatbile with Mojave release  (please reach out to your company's IT team if you are not using a compatible version and they can guide you on how to upgrade as each company has different deployment procedures for their endpoint software)   Details on Pulse versions for Mojave available here - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43768   Hope this helps ... View more

I would recommend checking with your account team on if the status of this option ... View more

As I tested in the live scenarios, PCS will create a P2P tunnel for VPN users traffic and straightforwardly push that to gateway we assigned on PCS.   So for getting reverse traffic, you should have proper routing for VPN users IP subnet in your internal network.   Also, there is no option of natting VPN users traffic to pulse interface IP as a lot of VPN solutions support that. ... View more

it was working smooth on my iPad Pro when it was running on ios 10 however as I have updated to ios 11.3 whenever now I am opening the app it only loads a blank screen on the start up and crashes after a while automatically. How do I fix it? ... View more

I am having this same issue and am using a laptop with Windows 7 Enterprise SP1. Has anyone come up with a simple fix that is going to last??? ... View more

hello, this link should help you -https://docs.microsoft.com/en-us/windows/deployment/upgrade/troubleshoot-upgrade-errors best regards   ... View more

  i ok now ! Thanks very mutch ... View more

Hi - Nice troubleshooting and finding the actual root cause for your end-user symptom :-)   Some options to run past the LB vendor (sorry not a LB expert) 1. Does your LB offer any form of GSLB capability in addition to the source-ip persistence? i.e. Redirect users to the same PCS gateway not just based on source-ip but based on the geo location of their source IP? That way even if source IP changes it still detecting that the user is from a specific location is sending them to the same gateway.    If that is not an option you may consider creating multiple connections so end-users are directly hitting individual PCS devices.  https://gateway1.domain.com, https://gateway2.domain.com   Its not ideal from usability however if the issue is occuring frequently and breaking access for your end users then it may be acceptable to degrade usability slighlty in favour of availability. ... View more

Yes ... View more

I respectfully offer a slightly different answer than ruc; however, both are essentially the same. At a high-level, the answer is "no" because the admin needs web access and, users can always try to access the appliance through their browser. You can put restrictions in place so that users cannot access the user portal; but there will always be a web page that will be displayed to users. ... View more

That makes a lot of sense. I can connect with my phone (over the Pulse app) to the company Wi-Fi just fine. So, I guess the problem would be in the laptop. Can I troubleshoot it in further detail myself?  ... View more

Please see below thread, If the solution mentioned there does not work please open a support case and mention the version of the microsoft reliability tool (assuming you are running windows 10)   https://community.pulsesecure.net/t5/Pulse-Connect-Secure/Pulse-secure-stuck-at-securing-connection-and-fails-with-1205/td-p/38183 ... View more

Please open a ticket for further investigation; there were changes in Windows 10 that may impact this ... View more

@ruc wrote: Connect to the serial console and create a super admin session. Follow the instructions on the console to login with super admin token and create a new admin account and/or reset password for the existing admin users. And no the device does not come with a default password :-)   ... View more

Welcome to Pulse Secure remote access via the Connect Secure option.  That is the terminology you will see for this basic feature.  I would recommend the following basic steps.   1-Get up to date.  Register and link an account to your contract on the support site and upgrade to the current version on the appliance.  This might take a support ticket to get older versions of the code depending on where your appliance currently is.  Note there are specific version support for upgrades when back multiple versions as seen in the release notes.   2-Decide on dual DMZ or single DMZ design.  Most go with a single ethernet interface in the DMZ.  This will both terminate the outside session and generate the internal network session from the same port.  There is also an option to use two ports on the device where one is in your external DMZ for the inbound connection and the inside port is used for reaching the resources.  Once you pick the single or dual interfaces you can assign the necessary ip addresses and design your needed firewall port forwarding and internal access rules.     You also need to choose if the appliance will provide a pool of ip addresses for the client connections or if you will use dhcp forwarding to your internal dhcp server.   Also note if you need internal DNS for connected clients and be ready for those inputs and selections to override the connecting client DNS servers.   Now you can configure the interfaces and connect to the network for basic setups.  And setup firewall rules.   3-Setup remote access:  You will need to configure authentication to your internal AD or use local auth on the applicance. https://www.pulsesecure.net/download/techpubs/current/424/pulse-connect-secure/pcs/8.3rx/How_To_Create_ADNT_Server_Instance.pdf   Once auth is setup, you then have to have resources and group mappings that can use the resources.  This can get complicated as it is very flexible in restrictions.  The admin guide has all the gory details.  Read the first two chapters to get the overview of all the options.  For simple layer3 connection setups go right to chapter 30 - VPN Tunneling.   https://www.pulsesecure.net/download/techpubs/current/1040/pulse-connect-secure/pcs/8.3rx/ps-pcs-sa-8.3r3-admin-guide.pdf   ... View more

In addition to what ruc & spuluka said, another option is that there are IP restrictions in place that prevent WiFi-based devices from connecting. Whether that is intentional or not, is another question that you will need to talk to your IT team about (as well as the other items that ruc & spuluka suggested) ... View more

Thank you for explaining what you are looking to do further. This is not possible to achieve without creating sign-in policies and URLs for each path. If you have control of the application and how it creates the URL, you can have the application send the rewritten URL (e.g. my.externaldomain.com/77.html,DanaInfo=my.internaldomain.com,+SSL) and enable the option for browser passthrough on the role at Users>User roles>roleName>General>Session Options. This will allow authentication to occur and then the PCS present the rewritten page to the user. ... View more

Neither, since its a higher client version it will just connect to the server as long as there is no compatability/known issue.  ... View more

For Web based access (web bookmark) the logs will only contain successful and denied web requests. However in your case I suspect the print functionality is not pure web traffic and hence not  being sent via PCS web access method. I think capturing a PCAP when using this application/functionality over  LAN is a good starting point. If it turns out its using non-web traffic then you can configure Pulse L3 VPN client to enable secure remote access to this app instead of web bookmark based access. If its pure web traffic and still not working you may have to open a support case with the logs mentioned in https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40981 which will allow support to understand why the rewrite engine is not intercepting and securing traffic for this print work flow.  ... View more

If this is for single PCS appliance you can set 'Maximum users' per realm and will help achieve your objective. If this is a multiple PCS appliance deployment and likely to continue growing in terms on number of users you should look at deploying a Pulse License Server which help elastic licensing deployment and allocation ... View more

How long is this going to go on? I have submitted a case to get my MAGs added and its been a week with NO STATUS. Come on, Pulse Secure! You have had about a year to get this ready! And no word from support! Not a good start! I will really have to consider if I will renew my support when it expires. ... View more