Pulse Secure SSL
This VPN connection type is supported on iOS, macOS, Android, and Windows devices.
Ivanti, Inc recommends using the Pulse Secure SSL connection type instead of Juniper SSL.
Use the following guidelines to configure Pulse Secure SSL VPN.
Within these selections, you may make settings for:
Proxy - None (default)
Use the following guidelines to configure a Pulse Secure SSL VPN without a proxy.
|
Item |
Description |
|
Name |
Enter a short phrase that identifies this VPN setting. |
|
Description |
Provide a description that clarifies the purpose of these settings. |
|
Channel |
For macOS only. Select one of the following distribution options: •Device channel - the configuration is effective for all users on a device. This is the typical option. •User channel - the configuration is effective only for the currently registered user on a device. |
|
Connection Type |
Select Pulse Secure SSL. |
|
Samsung Knox |
This setting applies to Android devices only. |
|
Deploy inside Knox Workspace |
This setting applies to Android devices only. |
|
Server |
Enter the IP address, hostname, or URL for the VPN server. |
|
Proxy |
|
|
Username |
Enter a value for the username (required.) The default value is $USERID$. Include at least one of the following variables: $USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as the following: •$USERID$:$EMAIL$ •$USERID$_$EMAIL$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username. |
|
User Authentication |
Select the user authentication to use: •Password - see next row for information. •Certificate - If you select Certificate, select the identity certificate to be used as the account credential. If you select Certificate, and extended authentication (EAP) is not used, this certificate will be sent out for IKE client authentication. If extended authentication is used, this certificate can be used for EAP-TLS. |
|
Password |
Specify the password to use (required.) The default value is $PASSWORD$. Use this field to specify a custom format, such as $PASSWORD$_$USERID$. Include at least one of the following variables: $USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as $EMAIL$:$PASSWORD$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password. |
|
Role |
Specify the Pulse user role to use as a restriction. |
|
Realm |
Specify the Pulse realm to use as a restriction. |
|
VPN On Demand |
|
|
Per-app VPN |
This setting does not apply to Windows devices. |
|
Provider Type |
This setting applies to iOS and macOS devices only. |
Continue with Windows Configuration.
Continue with Custom Data.
Proxy - Manual
Use the following guidelines to configure a Pulse Secure SSL VPN with a manual proxy.
|
Item |
Description |
|
Name |
Enter a short phrase that identifies this VPN setting. |
|
Description |
Provide a description that clarifies the purpose of these settings. |
|
Channel |
For macOS only. Select one of the following distribution options:
|
|
Connection Type |
Select Pulse Secure SSL. |
|
Samsung Knox |
This setting applies to Android devices only. |
|
Deploy inside Knox Workspace |
This setting applies to Android devices only. |
|
Server |
Enter the IP address, hostname, or URL for the VPN server. |
|
Proxy |
|
|
Proxy Server |
|
|
Proxy Server Port |
|
|
Type |
|
|
Proxy Server User Name |
If the authentication type is Static, enter the username for the proxy server. If the authentication type is Variable, the default variable selected is $USERID$. |
|
Proxy Server Password |
If the authentication type is Static, enter the password for the proxy server. Confirm the password in the field below. If the authentication type is Variable, the default variable selected is $PASSWORD$. |
|
Proxy Domains (iOS only) |
This field applies to iOS and macOS devices only. |
|
Username |
Enter a value for the username (required.) The default value is $USERID$. Include at least one of the following variables: $USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as the following: •$USERID$:$EMAIL$ •$USERID$_$EMAIL$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username. |
|
User Authentication |
Select the user authentication to use: •Password - see next row for information. •Certificate - If you select Certificate, select the identity certificate to be used as the account credential. If you select Certificate, and extended authentication (EAP) is not used, this certificate will be sent out for IKE client authentication. If extended authentication is used, this certificate can be used for EAP-TLS. |
|
Password |
Specify the password to use (required.) The default value is $PASSWORD$. Use this field to specify a custom format, such as $PASSWORD$_$USERID$. Include at least one of the following variables: $USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as $EMAIL$:$PASSWORD$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password. |
|
Role |
Specify the Pulse user role to use as a restriction. |
|
Realm |
Specify the Pulse realm to use as a restriction. |
|
VPN On Demand |
|
|
Per-app VPN |
This setting does not apply to Windows devices. |
|
Provider Type |
|
Continue with Windows Configuration.
Continue with Custom Data.
Proxy - Automatic
Use the following guidelines to configure a Pulse Secure SSL VPN with an automatic proxy.
|
Item |
Description |
|
Name |
Enter a short phrase that identifies this VPN setting. |
|
Description |
Provide a description that clarifies the purpose of these settings. |
|
Channel |
For macOS only. Select one of the following distribution options: •Device channel - the configuration is effective for all users on a device. This is the typical option. •User channel - the configuration is effective only for the currently registered user on a device. |
|
Connection Type |
Select Pulse Secure SSL. |
|
Samsung Knox |
This setting applies to Android devices only. |
|
Deploy inside Knox Workspace |
This setting applies to Android devices only. |
|
Server |
Enter the IP address, hostname, or URL for the VPN server. |
|
Proxy |
|
|
Proxy Server URL |
Enter the URL for the proxy server. Enter the URL of the location of the proxy auto-configuration file. |
|
Proxy Domains (iOS only) |
|
|
Username |
Enter a value for the username (required.) The default value is $USERID$. Include at least one of the following variables: $USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as the following: •$USERID$:$EMAIL$ •$USERID$_$EMAIL$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username. |
|
User Authentication |
Select the user authentication to use: •Password - see next row for information. •Certificate - If you select Certificate, select the identity certificate to be used as the account credential. If you select Certificate, and extended authentication (EAP) is not used, this certificate will be sent out for IKE client authentication. If extended authentication is used, this certificate can be used for EAP-TLS. |
|
Password |
Specify the password to use (required.) The default value is $PASSWORD$. Use this field to specify a custom format, such as $PASSWORD$_$USERID$. Include at least one of the following variables: $USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as $EMAIL$:$PASSWORD$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password. |
|
Role |
Specify the Pulse user role to use as a restriction. |
|
Realm |
Specify the Pulse realm to use as a restriction. |
|
VPN On Demand |
|
|
Per-app VPN |
This setting does not apply to Windows devices. |
|
Provider Type |
|
Continue with Windows Configuration.
Continue with Custom Data.
Windows Configuration
Allowed Secured Resources (Windows Phone only)
Excluded Secured Resources (Windows Phone only)
See Application-triggered VPN for Windows devices for information on how to configure these settings to set up application-triggered VPN for 8.0.1 devices.
|
Item |
Description |
|
Windows Configuration |
Enter the secured resources (domains, IP ranges, or apps) used by the Send All Traffic option. |
|
Always On |
Select this option to keep the VPN on. Lock Down supersedes this option for Windows devices. |
|
Lock Down |
You cannot change the assigned settings unless 1) the Lock Down setting is removed from the profile and the new profile is pushed to the device or 2) the device is un-enrolled from Ivanti EPMM. This option supersedes the Always On option. |
Custom Data
- Add+ - Click to add a new key / value pair.
- Key / Value - Enter the Key / value pairs necessary to configure the VPN setting. The app creator should provide the necessary key / value pairs.