New Features

Features	Description
Release 9.1R15
Split DNS for FQDN	This feature allows to split the DNS traffic between Physical Adapter (PA)'s DNS server and Virtual Adapter (VA)'s DNS server. This feature is disabled by default. To enable this feature, navigate to System --> Configuration --> Advance Client Configuration and set the value as: <enable-SplitDNS-driver>true</enable-SplitDNS-driver>.
Windows Edge as external browser	This feature supports Windows Edge as default external browser. Add a DWORD “EnableMSEdgeAsExternalBrowser” and set the value to 1 under Computer\HKEY_CURRENT_USER\SOFTWARE\Pulse Secure\Pulse to set user settings and/or Computer\ HKEY_LOCAL_MACHlNE\SOFTWARE\WOW6432Node\Pulse Secure\Pulse to set machine settings to launch Windows Edge as default external browser.
PSAM on MacOS	Pulse Secure client supports Secure Application Manager (SAM) for MacOS. Ensure the system extensions option is enabled.
Windows 10 21H2 support	Pulse client now supports Windows 10 21H2.
Ubuntu 20.04.3	Pulse client now supports Ubuntu 20.04.03.
Release 9.1R14
Minimum Client version enforcement	This feature provides an option for the admin to force upgrade the client version when Minimum Client Version is configured.
Client support for Windows on ARM processor	Windows 10/Windows 11 systems on ARM64 processors supports PDC.
Release 9.1R13.1
Windows 11	Pulse client now supports Windows 11.
Mac OS 12	Pulse client now supports Mac OS 12.
Release 9.1R13
FQDN based split tunnelling with Proxy server	This feature supports proxy when using FQDN based split tunnel. This feature is supported both on Server-side and Client-Side Proxy. Note: DNS Alias Names are not supported with proxy. This feature is available for Windows and MAC only.
PSAM FQDN/IP Allow/Deny Policy	A FQDN over IP precedence flag is set in the PSAM configuration such that PSAM honors FQDN policy over IP based policy in case of resource conflicts. This feature is available for Windows only.
Release 9.1R12
Role Level Upgrade Prompts	This feature provides an option for the administrators to disallow Pulse Client Upgrade prompts for the end users.
Disable NetBIOS	This feature provides an option to enable/disable the NetBIOS configurations.
Pulse Client Universal Binary for macOS	Pulse client supports universal binary for macOS for Intel and ARM.
RHEL 7 support	This feature allows to install RHEL7 Package on RHEL7 or Centos7 machines. The Pulse Client installer for RHEL 7/Centos 7 is not available by default in Pulse Connect secure server. The RHEL 7/CentOS 7 installer is available for download at https://my.pulsesecure.net.
FIDO2 security key (for example, YubiKey) support with CEF on Window	This feature allows Unified Pulse Client to use Chromium Embedded Framework (CEF), to support FIDO2 security key (for example, YubiKey) authentication using FIDO2 U2F protocol. Qualified with Okta and Azure AD as IdP.
FQDN based split tunnel support for Linux	FQDN based split tunnel support is now extended to Linux platforms.
Release 9.1R11.5
No new features in this release.
Release 9.1R11.4
No new features in this release.
Release 9.1R11
YubiKey support with CEF on Mac OS	This feature allows Unified Pulse Client to use Chromium Embedded Framework (CEF), to support YubiKey authentication using U2F protocol on MacOS.
Windows 20H2 Qualification	Pulse Client now supports Windows 20H2.
MacOS Big Sur Qualification	Pulse Client now supports MacOS BigSur.
Apple Silicon (M1) Support on Rosetta 2	Pulse Client supports Apple Silicon (M1) Support on Rosetta 2.
Single logout support for PDC on Linux	SAML Single Logout (SLO) is the protocol that allows users to logout from Service Provider (SP) as well as Identity Provider (IdP) and requiring users to provide credentials again upon next SAML authentication.
Lock-down exception enhancements	This feature allows the PCS to populate the list of core access rules depending on the platforms. Administrators can modify and reorder the list.
Release 9.1R10
No new features for this release.
Release 9.1R9
YubiKey support with CEF for Unified Pulse Linux Client	This feature allows Unified Pulse Linux Client to use Chromium Embedded Framework (CEF), to support YubiKey authentication using U2F protocol.
Unified Pulse Linux client packaging to PCS	This feature provides Unified Pulse Linux Client for download, for supported Linux platforms. The download links for DEB and RPM packages are provided in the Installers page.
IPv6 Support for Unified Pulse Linux Client	This feature allows Unified Pulse Linux Client to support various IPV6 scenarios like, IPV6 in IPV4, IPV4 in IPV6, and IPV6 in IPV6. The feature also supports IPV6 split tunnel rules, Route Precedence, and IPV6 route monitoring.
Source IP Security	This feature supports Source IP Enforcement through a Pulse Policy Secure (PPS) gateway.
ESP Tunnel for Mixed Mode	This feature allows the PCS to use ESP tunnel for 6in4 and 4in6 traffic.
SAML Single Logout Support	SAML Single Logout (SLO) is the protocol that allows users to logout from Service Provider (SP) as well as Identity Provider (IdP) and requiring users to provide credentials again upon next SAML authentication.
Release 9.1R8.2
System Extension support on MacOS	System Extensions/Network Extensions allow to extend the functionality of macOS without requiring kernel-level access.
Pulse Client installer notarization	Pulse macOS client installer allows notarization to support future macOS releases and improve security on macOS and its applications.
Release 9.1R8
No new features for this release.
Release 9.1R7.1
No new features for this release.
Release 9.1R7
No new features for this release.
Release 9.1R6
No new features for this release.
Release 9.1R5
PSAM session window	This feature allows the PSAM users to view the active session information of the configured applications and destinations.
Security Enhancement to support HTTPOnly cookie	Added support to handle the HTTPOnly session cookies in pulse client as part of security enhancement.
Disabling JNPRNS via Advance Client configuration	The feature runs a script/workflow to disable JNPRNS driver every time the user establishes a VPN connection and prevents reattaching of JNPRNS driver on restart. This process results in slight increase in time taken for establishing the VPN connection.
Support for Fedora 30, Ubuntu 19.10 and Debian 10.10 platforms	Pulse Linux Client on Windows now supports Fedora 30, Ubuntu 19.10 and Debian 10 platforms.
Release 9.1R4.2
No new features for this release.
Release 9.1R4.1
No new features for this release.
Release 9.1R4
PSAM details tab	This allows the PSAM users to see the details of the applications which are tunneled via SAM client.
Support after Linux NPAPI removal	This allows to launch JSAM and HOB from Linux browser after deprecation of NPAPI support..
Yubikey smart card support	Yubikey can be used as PIV smart card for VPN authentication. Accept certificates with smartcard logon Enhanced Key Usage option should be enabled on PCS.
Windows Hello for Business	Pulse Desktop Client will now support Windows Hello for business using certificate trust.
Release 9.1R3.1
Linux Client Auto Reconnect	Pulse Desktop Linux Client will now automatically attempt to reconnect in case of an interrupted connection, such as temporarily losing the Wi-Fi connection.
Release 9.1R3
EKU/OID filtering for client certificate selection	Pulse Clientnow provides the administrator an option to specify EKU Text or EKU OID for filtering the certificates displayed in the certificate selection prompt during Cert-Auth. Pulse Client filters the certificates automatically, so that only relevant certificates are displayed.
Optional loading for KEXT Component	Pulse Client on macOS nows load KEXT component only if Traffic Enforcement or Lockdown mode options are enabled. Otherwise, the KEXT component, which requires high privilege access, is not loaded.
pulselauncher.exe to access certs from System Store	Pulse launcher tool (pulselauncher.exe), which is a standalone client-side command-line program, can now access certificates located in system store allowing for certificate-based authentication from the tool.
Release 9.1R2
FQDN resource and IPv4 resource-based split tunneling conflict resolution	PCS supports both FQDN-based and IP-based split tunneling capabilities. When a customer uses both split tunneling rules, PCS now provides flexibility for the customer to choose which rules to give precedence, and ensures the resource access is not impacted when there are conflicting rules.
Manage Pulse Client versions feature support	PCSnow supports the ability to enforce a minimum client version that can connect to the VPN. Administrators have the flexibility to provide a minimum version requirement separately for desktop and mobiles to enforce different client versions.
Support for Windows 10 Version 1903 (OS build 10.0.18362.207)	Pulse Clienton Windows now supports Windows 10 Version 1903 (OS build 10.0.18362.207) Enterprise, 64 bit and Windows 10 Version 1903 (OS build 10.0.18362.207) Professional, 64 bit.
macOS KEXT Notarization	Apple mandates that all macOS applications are notarized by Apple. The Pulse Client for macOS KEXT component is now notarized by Apple.
Release 9.1R1
Launching Pulse Desktop Client using URL	Pulse Client can now be launched using a URL. Customers can insert the URL in any tools (For example: Support ticket management tool), so that when a user clicks on the URL, Pulse Clientis invoked and connects to the VPN. The Allow saving logon information option must be enabled in the Ivanti Connect Secure server settings to use the Launching Pulse Desktop Client using URL feature. (Enable Allow saving logon information > Users > Pulse Client > Connections > <connection name>).
Pulse SAM IPv6 Support	Pulse Client now supports IPv6 traffic tunneling in Pulse SAM mode on Windows 10, Windows 8.1 and Windows 7 platforms.
Automatic Keyboard popup on Surface Pro	When a user selects the username or password field for Pulse Client installed on a Windows Surface device, the virtual keyboard automatically pops up so that the user can enter the required credential.

Release 9.1R15

Split DNS for FQDN

This feature allows to split the DNS traffic between Physical Adapter (PA)'s DNS server and Virtual Adapter (VA)'s DNS server. This feature is disabled by default.

To enable this feature, navigate to System --> Configuration --> Advance Client Configuration and set the value as: <enable-SplitDNS-driver>true</enable-SplitDNS-driver>.

Windows Edge as external browser

This feature supports Windows Edge as default external browser. Add a DWORD “EnableMSEdgeAsExternalBrowser” and set the value to 1 under Computer\HKEY_CURRENT_USER\SOFTWARE\Pulse Secure\Pulse to set user settings and/or Computer\ HKEY_LOCAL_MACHlNE\SOFTWARE\WOW6432Node\Pulse Secure\Pulse to set machine settings to launch Windows Edge as default external browser.

PSAM on MacOS

Pulse Secure client supports Secure Application Manager (SAM) for MacOS. Ensure the system extensions option is enabled.

Windows 10 21H2 support

Pulse client now supports Windows 10 21H2.

Ubuntu 20.04.3

Pulse client now supports Ubuntu 20.04.03.

Release 9.1R14

Minimum Client version enforcement

This feature provides an option for the admin to force upgrade the client version when Minimum Client Version is configured.

Client support for Windows on ARM processor

Windows 10/Windows 11 systems on ARM64 processors supports PDC.

Release 9.1R13.1

Windows 11

Pulse client now supports Windows 11.

Mac OS 12

Pulse client now supports Mac OS 12.

Release 9.1R13

FQDN based split tunnelling with Proxy server

This feature supports proxy when using FQDN based split tunnel. This feature is supported both on Server-side and Client-Side Proxy.

Note: DNS Alias Names are not supported with proxy. This feature is available for Windows and MAC only.

PSAM FQDN/IP Allow/Deny Policy

A FQDN over IP precedence flag is set in the PSAM configuration such that PSAM honors FQDN policy over IP based policy in case of resource conflicts. This feature is available for Windows only.

Release 9.1R12

Role Level Upgrade Prompts

This feature provides an option for the administrators to disallow Pulse Client Upgrade prompts for the end users.

Disable NetBIOS

This feature provides an option to enable/disable the NetBIOS configurations.

Pulse Client Universal Binary for macOS

Pulse client supports universal binary for macOS for Intel and ARM.

RHEL 7 support

This feature allows to install RHEL7 Package on RHEL7 or Centos7 machines.

The Pulse Client installer for RHEL 7/Centos 7 is not available by default in Pulse Connect secure server. The RHEL 7/CentOS 7 installer is available for download at https://my.pulsesecure.net.

FIDO2 security key (for example, YubiKey) support with CEF on Window

This feature allows Unified Pulse Client to use Chromium Embedded Framework (CEF), to support FIDO2 security key (for example, YubiKey) authentication using FIDO2 U2F protocol. Qualified with Okta and Azure AD as IdP.

FQDN based split tunnel support for Linux

FQDN based split tunnel support is now extended to Linux platforms.

Release 9.1R11.5

No new features in this release.

Release 9.1R11.4

No new features in this release.

Release 9.1R11

YubiKey support with CEF on Mac OS

This feature allows Unified Pulse Client to use Chromium Embedded Framework (CEF), to support YubiKey authentication using U2F protocol on MacOS.

Windows 20H2 Qualification

Pulse Client now supports Windows 20H2.

MacOS Big Sur Qualification

Pulse Client now supports MacOS BigSur.

Apple Silicon (M1) Support on Rosetta 2

Pulse Client supports Apple Silicon (M1) Support on Rosetta 2.

Single logout support for PDC on Linux

SAML Single Logout (SLO) is the protocol that allows users to logout from Service Provider (SP) as well as Identity Provider (IdP) and requiring users to provide credentials again upon next SAML authentication.

Lock-down exception enhancements

This feature allows the PCS to populate the list of core access rules depending on the platforms. Administrators can modify and reorder the list.

Release 9.1R10

No new features for this release.

Release 9.1R9

YubiKey support with CEF for Unified Pulse Linux Client

This feature allows Unified Pulse Linux Client to use Chromium Embedded Framework (CEF), to support YubiKey authentication using U2F protocol.

Unified Pulse Linux client packaging to PCS

This feature provides Unified Pulse Linux Client for download, for supported Linux platforms. The download links for DEB and RPM packages are provided in the Installers page.

IPv6 Support for Unified Pulse Linux Client

This feature allows Unified Pulse Linux Client to support various IPV6 scenarios like, IPV6 in IPV4, IPV4 in IPV6, and IPV6 in IPV6. The feature also supports IPV6 split tunnel rules, Route Precedence, and IPV6 route monitoring.

Source IP Security

This feature supports Source IP Enforcement through a Pulse Policy Secure (PPS) gateway.

ESP Tunnel for Mixed Mode

This feature allows the PCS to use ESP tunnel for 6in4 and 4in6 traffic.

SAML Single Logout Support

SAML Single Logout (SLO) is the protocol that allows users to logout from Service Provider (SP) as well as Identity Provider (IdP) and requiring users to provide credentials again upon next SAML authentication.

Release 9.1R8.2

System Extension support on MacOS

System Extensions/Network Extensions allow to extend the functionality of macOS without requiring kernel-level access.

Pulse Client installer notarization

Pulse macOS client installer allows notarization to support future macOS releases and improve security on macOS and its applications.

Release 9.1R8

No new features for this release.

Release 9.1R7.1

No new features for this release.

Release 9.1R7

No new features for this release.

Release 9.1R6

No new features for this release.

Release 9.1R5

PSAM session window

This feature allows the PSAM users to view the active session information of the configured applications and destinations.

Security Enhancement to support HTTPOnly cookie

Added support to handle the HTTPOnly session cookies in pulse client as part of security enhancement.

Disabling JNPRNS via Advance Client configuration

The feature runs a script/workflow to disable JNPRNS driver every time the user establishes a VPN connection and prevents reattaching of JNPRNS driver on restart. This process results in slight increase in time taken for establishing the VPN connection.

Support for Fedora 30, Ubuntu 19.10 and Debian 10.10 platforms

Pulse Linux Client on Windows now supports Fedora 30, Ubuntu 19.10 and Debian 10 platforms.

Release 9.1R4.2

No new features for this release.

Release 9.1R4.1

No new features for this release.

Release 9.1R4

PSAM details tab

This allows the PSAM users to see the details of the applications which are tunneled via SAM client.

Support after Linux NPAPI removal

This allows to launch JSAM and HOB from Linux browser after deprecation of NPAPI support..

Yubikey smart card support

Yubikey can be used as PIV smart card for VPN authentication.

Accept certificates with smartcard logon Enhanced Key Usage option should be enabled on PCS.

Windows Hello for Business

Pulse Desktop Client will now support Windows Hello for business using certificate trust.

Release 9.1R3.1

Linux Client Auto Reconnect

Pulse Desktop Linux Client will now automatically attempt to reconnect in case of an interrupted connection, such as temporarily losing the Wi-Fi connection.

Release 9.1R3

EKU/OID filtering for client certificate selection

Pulse Clientnow provides the administrator an option to specify EKU Text or EKU OID for filtering the certificates displayed in the certificate selection prompt during Cert-Auth. Pulse Client filters the certificates automatically, so that only relevant certificates are displayed.

Optional loading for KEXT Component

Pulse Client on macOS nows load KEXT component only if Traffic Enforcement or Lockdown mode options are enabled. Otherwise, the KEXT component, which requires high privilege access, is not loaded.

pulselauncher.exe to access certs from System Store

Pulse launcher tool (pulselauncher.exe), which is a standalone client-side command-line program, can now access certificates located in system store allowing for certificate-based authentication from the tool.

Release 9.1R2

FQDN resource and IPv4 resource-based split tunneling conflict resolution

PCS supports both FQDN-based and IP-based split tunneling capabilities. When a customer uses both split tunneling rules, PCS now provides flexibility for the customer to choose which rules to give precedence, and ensures the resource access is not impacted when there are conflicting rules.

Manage Pulse Client versions feature support

PCSnow supports the ability to enforce a minimum client version that can connect to the VPN. Administrators have the flexibility to provide a minimum version requirement separately for desktop and mobiles to enforce different client versions.

Support for Windows 10 Version 1903 (OS build 10.0.18362.207)

Pulse Clienton Windows now supports Windows 10 Version 1903 (OS build 10.0.18362.207) Enterprise, 64 bit and Windows 10 Version 1903 (OS build 10.0.18362.207) Professional, 64 bit.

macOS KEXT Notarization

Apple mandates that all macOS applications are notarized by Apple. The Pulse Client for macOS KEXT component is now notarized by Apple.

Release 9.1R1

Launching Pulse Desktop Client using URL

Pulse Client can now be launched using a URL. Customers can insert the URL in any tools (For example: Support ticket management tool), so that when a user clicks on the URL, Pulse Clientis invoked and connects to the VPN.

The Allow saving logon information option must be enabled in the Ivanti Connect Secure server settings to use the Launching Pulse Desktop Client using URL feature. (Enable Allow saving logon information > Users > Pulse Client > Connections > <connection name>).

Pulse SAM IPv6 Support

Pulse Client now supports IPv6 traffic tunneling in Pulse SAM mode on Windows 10, Windows 8.1 and Windows 7 platforms.

Automatic Keyboard popup on Surface Pro

When a user selects the username or password field for Pulse Client installed on a Windows Surface device, the virtual keyboard automatically pops up so that the user can enter the required credential.