You can troubleshoot with wireshark to confirm that the response for the NCSI check is failing (meaning that the data is not being returned or the access is failing somewhere along the path) ... View more

In addition to the previous steps, what happens if you remove the proxy from the configuration? ... View more

  8.2 cannot be downloaded; however, you should still be able to see the 8.3 DTE version on the support site: Login to my.pulsesecure.net Click on “Licensing & Download Center” Click on “Downloads” Click on Pulse Secure Click on Pulse Connect Secure Click on Pulse Connect Secure Click on “End of Engineering Releases” Click on desired release Accept the Export Compliance Accept the EULA Click on the file ending in .zip for the desired virtual format ​   ... View more

I would recommend checking with your PCS/VPN admin for more information on what you need in order to complete successful authentication ... View more

I have been testing with the Catalina beta and Pulse is looking to be ready when Catalina is available in the next 6 - 8 weeks ... View more

  is this all connections? there are some things that will cause that message: the site is not allowed on the ACL proxy in the browser proxy on the network the server is not reachable ​   ... View more

what SSL/TLS version are you using? if the PCS is using a version that is disabled on the client (or browser), it will not work. does the same behavior occur without cert auth? do non-yubikey certificates show the same behavior? is the sign-in URL that you are using in the browser the same as you have configured on the appliance? ... View more

as others have mentioned, that is not something that can be done at this time. i would recommend reaching out to your account team to let them know this is something you think would be beneficial and they can work with the product team on an enhancement request ... View more

what is the context of wanting the legacy client for a legacy version? as @Ray mentioned, it is not available outside of the PCS gateway itself and needs to be provided by the administrator. if you have access to the Pulse client, that should function on the same role/realm (unless admin restrictions have been implemented that prevent the newer client from connecting) ... View more

@Ray, your guess is as good as mine (both on the impact and goal). because the system has been factory reset prior to the OVF being done, it should be the same as what is downloaded (only, potentially, on an upgraded version). @mbuster25: what are you expecting to happen when doing that vs using the OVF from the download site. if the goal is to have a new VM image up and running, yes, that should work just fine (as long as VMware allows doing that). in theory, though, yes, that should create a blank PCS on the version you are wanting to deploy (if that is the reason for doing it that way). i am not sure what will happen when it deploys (if it uses the property values from the original or if you can update them to the new data center details). ... View more

Hi @swathi, I would recommend contacting our support team for assistance ... View more

in addition to what @Ray said… when you initially launched the pulse client, do you remember if you saw a request to authorize the connection? if not, next time you reboot and attempt to connect to pulse, can you open System Preferences>Security and see if there is a request to authorize the application loading a kernel extension? ... View more

To jump on what @Ray was asking: are you clicking on anything to use RDP (for example an RDP client bookmark) on the web portal? if you are using the Pulse client or WSAM, it works through the magic of TDI; if you are using the Terminal Service client (RDP bookmark), it works through the magic of localhost :D without more information on which client you are using, we are only grasping at straws (reasonably strong straws; but straws nonetheless) ... View more

which version of Android OS are you using? there is an issue with pre-Android 9.0 in which the OS revokes the Pulse Secure client access (even after granting access) the configuration, in our testing, requires the certificate to be configured for the Pulse Secure client using the application configuration option in AirWatch ... View more

I can see the validity of that request; unfortunately, it does not exist at this time. i would recommend working with your account team to put in an enhancement request with the product team to investigate the options for adding this ... View more

Hi @Arne, Can you let me know what type of service is being provided to the Windows 10 users: VPN or NAC? From the description, it appears to be NAC (at least on-prem). Yes, that is correct that the Pulse Linux client does not support CAC auth. I believe that the PPS should be able to do native 802.1x authentication for Linux if the native supplicant supports CAC with 802.1x. if it is for VPN access, the lack of CAC support is still present. person-hours for maintenance: should be around 2 a year (for upgrades). person-hours for initial config? no easy way to guess; but i would forecast less than 50; but could be more (just because there are always details that pop up unexpectedly or do not work as expected) ... View more

to add to what @Ray said, are you wanting to do host checking validation for machines that are creating a VPN tunnel OR are you wanting to do host checking based on resource access over the VPN tunnel? ... View more

@Ray: No, setup client is not installed with Pulse Desktop. @CDriVe: The lack of setup client, as Ray mentioned, will not prevent the ability to connect. if you login through the web and then click on "start" do you see the same behavior (inability to start the session)? do you have a minimum client version configured & enforced? do you see the proper configuration information showing after installation completes? do you see the same behavior if everything is hosted locally (rather than remotely)? ... View more

@rigert i would recommend opening a case with our support team. can you confirm the following: the PCS you are connecting to has a certificate issued by a standard CA you are not using certificate authentication browser-based auth works when you login to the browser, you see an option to launch Pulse what happens when you launch Pulse from the browser? ... View more

please check the user access log to confirm if the role you have been assigned has access to either L3 or L4 connections. based on the message, I am guessing not ... View more

yes, that is correct @shbeuving, that a connection stays overridden until reboot or something automatically triggers the connection (or disconnect, depending on what the rules are) ... View more

you are welcome; glad to hear it worked ... View more

I would recommend reaching out to your account team and let them know this is a configurable option you would like our product and development teams to investigate (disabling the launch-at-boot option) ... View more