It is normal.   An user can have a session in PCS and not have a tunnel up. That is besides the obvious one users with just core access. ... View more

Hi,   We also have a SM360 with PCS 8.3R7.1 and we are pushing PDC 9.1.7 for our users without major issues, most of them upgrading PDC from 8.3.7.   But this is the easy part. The users must also to update JPIS and it is a manual process (or automated with SCCM). ... View more

Hi,   Probably of you do a ldd on pulseUi, you will see libwebkitgtk-1.0.so.0 is not installed. $ ldd /usr/local/pulse/pulseUi   To fix it, you just need to add Bionic Beaver (18.04 LTS) repository (or adapt to PopOS) # add-apt-repository 'deb http://archive.ubuntu.com/ubuntu bionic main universe' Then install the missing package. # apt install -t bionic libwebkitgtk-1.0-0 Tested with Pulse Secure 9.1R4 ... View more

Because I do not like to add adhoc packages, I've tested using this recepie.   Add Bionic Beaver Repository (18.04 LTS) # add-apt-repository 'deb http://archive.ubuntu.com/ubuntu bionic main universe'   Install Missing package # apt install -t bionic libwebkitgtk-1.0-0   Tested with sucess with PS Client 9.1R4 in a clean installation of Ubuntu 20.04 ... View more

Same with Ubuntu 20.04 LTS   Will pulse stop supporting Ubuntu? ... View more

Anyone know if this feature was deprecated in new versions of PCS (8.x 9.x) ?   I can not find in new documentation. ... View more

Hi,   Who manages the computer, can decide which interfaces register their IPs. https://docs.microsoft.com/en-us/previous-versions//cc959739(v=technet.10)   Best Regards,   ... View more

PCS supports IKEv2,   https://docs.pulsesecure.net/WebHelp/PCS/9.1R4/AG/Home.htm#PCS/PCS_AdminGuide/IKEv2_Support_Overview.htm   Usually all OS support it of the box. ... View more

Hi,   What are CAV Policies?   Why they are fetched in an external IP which users do not have access?   Cheers, ... View more

Hi,   Pulse Secure Application Laucher is not the Pulse Secure Client.   Pulse Secure Application Laucher (aka PSAL) is just a small application which is used (at least) by the browsers to launch the several applications of Pulse Secure.   Pulse Secure Client it self, depending of the configurations of your company, could be installed via browser using VPN URL, but it need to have Pulse Secure Laucher before.   You should contact your company to check which is the correct procedure to installl and configure Pulse Secure Client. ... View more

I'm also see that behaviour last week analysing logs from an user. Adding some more information: our external private IP is not publish no where else besides PCS configuration and in our LB. All our users only see/communicate with the public facing IP from LB for the PCS cluster. ... View more

Hi,   Explanation: The agent (aka, host checker) which make the validation does not recognize BitDefender, therefore, it is ignored as a AV. As Windows Defender is always installed in the machine and it is detected but it disable, it does not comply with security policy.   Solution: Request to who manage VPN service to open a case to request BitDefender (and that version in specific) to be added to host checker.   Workaround: Disable BitDefender and Activate Windoes Defender, while the issue is not corrected.   And by the way, the issue is not with the version of Pulse Secure, but with esap, which is the package host checker uses to validate the AVs (and other stuff)   Best Regards,   ... View more

Hi,   Here (in PS Community) we can not advice to which version you should upgrade, because it depends in you enviroment.   But as rule of thumb, you should have the latest minor release of your major release. In your case, you should have 8.3R7.1 which correct all issues reported in SA44328. ... View more

Just to confirm   /api/v1/system/active-users   Was introduced in 9.0 and is not available in 8.3 release, right? ... View more

Hi,   In mobile (Android, iOS) Host Checker just runs in Pulse Secure Client (and just check version and if root/jailbroken). There is no hostchecker in the browsers. ... View more

Hi,   I think the only way is to check the logs if you have "Unauthenticated Requests" activated.   If you upgrade PCS, the only thing will be copied from the previous installation are the configuration and logs, so if something was changed, will not be copied. ... View more

Hi,   Google Autenticator is just an implementation of the RFC6238, which is a extension of RFC4226. You can see an overview in Wikipedia: https://en.wikipedia.org/wiki/HMAC-based_One-time_Password_algorithm Both OTPs, are based in a secret key, which is shared between both server and user. That secret it is in QRCode generated. The server must have those secrets somewhere, therefore, if obtained, someone with those secrets can generated the codes expeted by the server.   You should revoke all tokens, besides force users to change password.   I hope this short explanation helps you.   Cheers, ... View more

HI,   Just an information:   Also using the same Pulse version in Fedora 30 (upgrading since 26) and it shows the time remmaing. ... View more

Hi,   There are many ways to do SSO (kerberos, ntlm, form post, saml).   If you explain your use case, probably the community will be able to help.     ... View more

No, PCS does not have that functionality... there is no logging if a connection is aceepted or denied. ... View more

This is a comment and not an answer. In XML there is no information about keys or secrets. That kind of information usually leave inside the export config. Because the id of an OTP is the secret of that authentication mechanism it should never be reveled in the XML file. I think PS should make a especial import (like exists for the certificates) to make this migrations possible. ... View more

Hi Ganesh,   I do not know any tool to help to clean up configurations in PCS.   We export logs via syslog and put them in a DB and them ran some scripts to give us some light in what is going on.   You can also use the feature of archiving the logs [Maintenance >> Archiving], in this way, you can define when you want the be archive (and clean if you decide it so).   Internal log is base in disk limit defined by you up to the max permitted.   Best Regards, ... View more

In KB11503 I did not find why is not supported what you need to do.   But import a XML to change attributes, is not just change an attribute, you need to specify what operation you whant to do. Probably you also need to check section "Using Operation Attributes" in the manual.   Quick example, without testing.     <configuration (...) > <users> <resource-profiles> <file-win-profiles> <file-win-profile operation="replace"> <name>MyShare</name> <autopolicies> <file-win-acl> <rules> <rule> <name>Allow \\MyShare\*</name> <action>allow</action> <rule-read-only>true</rule-read-only> </rule> </rules> </file-win-acl> </autopolicies> </file-win-profile> </file-win-profiles> </resource-profiles> </users> </configuration>   ... View more

Hi,   Instead of entering your email, configure the URL for the VPN service.   Regards, ... View more

After client and server be update this issue does not occur, so PCS does not influence in this issue. ... View more

With Fedora 28, PS 9.0R1 just need compat-libicu57-57.1-2.fc28.x86_64 to work. ... View more