Overview
If you currently use Pulse Secure as a VPN client and are looking to install the Umbrella roaming client, this article is a must read. The Cisco Umbrella roaming client will function with Pulse Secure VPN; however, not all modes are supported.
The use of an unsupported mode may result in the users' computers being unable to access Internet resources after disconnection. Please test all deployments in a limited pool before mass deploying.
Unsupported Deployments of Pulse Secure
Pulse Secure is known to conflict with the Umbrella roaming client in the following two scenarios:
- Pulse Windows 10 App style connection.
- Impact: Pulse will not connect
- Pulse Secure FQDN-based split tunneling, split dns
- Impact: On disconnect, saved local DNS may remain VPN values rather than WiFi/Ethernet values due to Pulse modification during VPN connection. This modification is a conflict between the Umbrella modifications and the Pulse modifications on the non-VPN NIC.
- User connectivity will be broken after disconnection until a DHCP lease renew occurs.
- Solution: Do not use name-based split tunneling.
- Support may be added in the future - contact us at umbrella-support@cisco.com to log a feature request.
- Alternative solution: AnyConnect Roaming Security Module (AnyConnect VPN not required. Included in DNS Essentials and higher packages).
- Impact: On disconnect, saved local DNS may remain VPN values rather than WiFi/Ethernet values due to Pulse modification during VPN connection. This modification is a conflict between the Umbrella modifications and the Pulse modifications on the non-VPN NIC.
Comments
1 comment
Great article!
It would be helpful to provide additional information to better identify "Pulse Windows 10 App style connection" as it seems that Pulse is doing in its part in making it cumbersome.
I guess that "Pulse Windows 10 App style connection" is what Pulse documentation (https://docs.pulsesecure.net/WebHelp/Content/PCS/PCS_AdminGuide_8.2/Introducing%20the%20Pulse%20Secure%20Client.htm) mentions as: "Mobile Clients"
Pulse Secure "mobile clients" differ from the "desktop clients" in that they are made available through App Stores (rather than hosted on the Pulse Connect Secure gateway). Pulse Secure offers mobile clients for iOS, Android, Google Chrome OS, and Windows (the Windows mobile client is also called the “Universal App”).
Could you confirm that the following assumptions are correct?
see: https://docs.pulsesecure.net/WebHelp/Content/PCS/PCS_AdminGuide_8.2/Introducing%20the%20Pulse%20Secure%20Client.htm
Pulse Secure desktop clients are fully-featured secure-connectivity clients that can be deployed either directly from the Pulse Connect Secure gateway or via other third-party software distribution mechanisms (e.g., SMS) [...] The Windows desktop client provides VPN, Host Checker, and Layer-2 (NAC) functionality, whereas the OSX desktop client provides VPN and Host Checker functionality
Please sign in to leave a comment.