New Features

The following table describes the major features that are introduced in the corresponding release.



Release 9.1R13

Framed-IP Address Pool

PPS allows the admins to assign IP addresses dynamically for the users or nodes from IP address pools.

This feature is applicable only to RADIUS.

Delegated Admin Control

This feature enables super admin to configure different access levels to RADIUS, SNMP clients and policy configurations listed in the Network Access menu.

Release 9.1R12

MS SQL Server support for Accounting

PPS supports storing the RADIUS accounting information to an external SQL database. PPS offers SQL Accounting feature under Auth Servers. MSSQL accounting supported only for 802.1x use cases and only one SQL server can be configured.

Enhancement to prevent MAC Spoofing

Profiler can now detect a device, which was already scanned and profiled but cannot be scanned anymore. Admin can configure e-mail notification to be sent based on configured interval for devices, which are assigned a group based on the number of failed scan attempts.

Cascading Authentication Server support

Cascading multiple external authentication servers provides a continuous, reliable process for authenticating and authorizing external users. If authentication fails on the first authentication server, then PPS attempts to authenticate the user by using the subsequent external authentication server configured in the realm under the sign-in policy page.

PCS Admission Control using PPS

The Firewall/SIEM detects compromised remote devices, Firewall/SIEM can send threat alert to PPS and PPS can instruct PCS to take action based on threat severity.

Release 9.1R11

PPS and Profiler reporting enhancements

PPS supports report generation and sending it as a PDF attachment in a scheduled email based on filters and time settings.

Release 9.1R10

No new features introduced in this release. See, Noteworthy Changes.

Release 9.1R9

Firewall Provisioning based on Profile Group

PPS allows Administrator to provision Auth Table Mapping policy, Resource Access policy and IoT Access policy configured using profile groups for the devices.

SBR migration service attribute field

PPS supports Service Type configuration in TACACS+ shell policy in SBR to PPS migration.

SBR Shared Secret Password Decryption

PPS supports decryption of shared secret and native user password (encrypted passwords only) in SBR to PPS migration.

Release 9.1R8

McAfee ePO integration for endpoint protection

PPS integration with McAfee ePO supports assessing device security posture through querying of device attribute details and then assigning of roles based on the attribute values.

Nozomi networks PPS integration and policy provisioning

PPS integration with Nozomi Networks supports assessing device security posture through querying of device attribute details and then assigning of roles based on the attribute values.

SBR to PPS migration for TACACS+ usecase

SBR TACACS+ configurations can be migrated to PPS using configuration file import.

Support for pool of NTP servers and NTP status check

PPS now supports pool of NTP servers up to 4 NTP servers to sync date and time.

Assign RADIUS Return Attributes for Local and MAC Auth Users

PPS supports configuration of specific/custom attributes and assignment to a user or group of users. Administrator can use RADIUS Return Attribute Policy and User Return Attribute together to enforce on the client for 802.1x and MAC authentication mechanism.

MSSP Licensing

PPS now supports MSSP licensing model.

UEBA package for fresh installation of PPS

In case you have a fresh installation of PPS, you may download latest UEBA package from Pulse Secure Support Site ( and add the package at Behavior Analysis page before using Adaptive Authentication.


Profiler integration with Nozomi Networks

Profiler integration with Nozomi Networks supports classifying and categorizing OT devices using device attributes.

Agentless classification through RSPAN traffic

Enable passive listening of traffic through RSPAN using TCP and SMB protocols in profiler. This feature helps to detect devices and their attributes for endpoints which are configured with/without static IP addresses

Device time-bound approval

This feature allows the administrator to approve devices for a specific time period.

Profiler UI changes

The PPS User Interface has new tab for Profiler configuration and maintenance.

Profiler customized reports

This feature allows to download custom reports based on the filters applied.

Release 9.1R6

Show Serial Number under Licensing Tab

The PPS Licensing tab (System > Configuration > Licensing) now displays the Serial Number.

Hardware ID is available on System Maintenance Tab

The Hardware ID is now included in System Maintenance > Platform tab.

Host Checker policies hyperlinked to policies page


Host Checker policies is now clickable (hyperlink) in User Realms page.

Release 9.1R5

Pulse Policy Secure on Amazon Web Services (AWS)

Provides NAC services (802.1x, MAC Auth, L3 Firewall Enforcement) to multiple on-premise networks using PPS deployed on Amazon Web Services (AWS) cloud.

SNMP policy enforcement (Alcatel-Lucent, Huawei, Arista)

SNMP policy enforcement is now supported on Alcatel-Lucent, Huawei and Arista switches.

McAfee ePolicy Orchestrator (ePO) integration

Pulse Policy Secure (PPS) integration with the McAfee ePolicy Orchestrator (ePO) provides complete visibility of network endpoints and provide end to end network security. The PPS integration with McAfee ePO allows Admin to perform user access control based on alerts received from the McAfee ePO.

Splunk syslog add-on and Dashboard app

Splunk application for PPS uses the indexed data to render various charts and to show useful information on dashboard. The Pulse Secure App for Splunk allows you to view PPS data in a dedicated, customizable Splunk dashboard. This bidirectional interaction with Splunk allows security managers to quickly monitor the current operational/security posture.

IPv6 Support for Syslog, NTP and Log Archive

PPS now supports sending syslog messages to a syslog server using IPv6 address.

Time synchronization using NTP server is now supported with IPv6 address. PPS also supports transferring archived PPS logs using FTP and SCP over IPv6 network.

SBR to PPS migration

SBR configurations (802.1x and Mac Address Authentication) can be migrated to PPS using XML import.

ECC certificate support for Juniper SRX firewall connection

PPS now supports Elliptic Curve Cryptography (ECC) certificate for SRX firewall connections.

Host Checker policy to detect hard disk Encryption in progress

Host Checker policy to allow detection of hard drive encryption in progress.

MSSQL support on PPS with external DB

PPS supports MSSQL as external Auth server for 802.1x and Layer 3 authentication.

PDF report capability

This feature in PPS allows the user to download the reports (User Summary Report, Single User Activities, Device Summary, Device Discovery, Single Device Activities, Authentication, Compliance, Infected Devices) in PDF format. Apart from the CSV, Tab Limited option, there is an option called PDF provided in PPS Reports.


Backup and Recovery, and Disaster management

Profiler deployments provides backup mechanism for enhanced disaster management (Profiler Forwarder, Remote Profiler, Centralized Standalone Profiler).

Viptela Switch Support

Viptela Switch support is added for SNMP Visibility.

Release 9.1R4

Pulse Policy Secure on

Azure platform

Provides NAC services (802.1x, MAC Auth, L3 Firewall Enforcement) to multiple on-premise networks using PPS deployed on Microsoft Azure cloud.

Huawei - Guest Access

Supports guest access use cases with Huawei WLC.

Mist Juniper WLC

Supports 802.1x and guest access with Juniper Mist WLC.

TACACS+ support for Arista Switch

Support Administrator access control for Arista.

Common Access Card (CAC) support with TACACS+

Supports TACACS+ authorization using Pulse Policy Secure. Authentication is performed by the third-party authentication server.

Provisioning only User-ID information to PAN firewall

Provides an option to admin in Auth table mapping policy to push only IP-User mapping to Palo Alto Networks firewall.

System Local user attribute support (Framed-IP-Address)

Allows to define user Attributes for system local server and associate those attributes to user names, including Framed-IP address. Values of those attributes to be defined for each user name.

Strong Hash

Supports protecting passwords stored in local authentication server using strong hash.

Release 9.1R3

VSYS Support in PAN

Pulse Policy Secure supports provisioning user identity and resource access/IoT policies to multiple VSYS or specific VSYS (other than vsys1) on PAN firewall.

IBM QRadar Integration

Pulse Policy Secure along with IBM QRadar provides user access control based on threats/events received from IBM QRadar.

Splunk Integration

Splunk alert based integration supports sending alert information from Splunk to Pulse Policy Secure. PPS uses its existing functionality of admission control, L2/L3 enforcement and provides role based access control to secure the network.

Fortinet Identity management using RADIUS accounting messages

Pulse Policy Secure supports integration with FortiGate firewall using RADIUS accounting messages.

Mysql support

Pulse Policy Secure supports MYSQL as external Authentication server.

Local user account import through CSV in System local DB

Allows importing user accounts via CSV file in System local auth server. The local authentication server is an authentication database that is built in to PPS.

SNMP Enforcement using ACL for 3Com, DELL

SNMP ACL enforcement support is now expanded for 3Com and Dell switches.

SNMP Enforcement using VLAN for 3Com, Juniper and DELL

SNMP VLAN enforcement support is now expanded for 3Com, Juniper and Dell switches.

One-to-One NAT support

PPS allows auth table provisioning for the endpoints behind NAT (One-to One NAT mapping).

vTM and PPS Integration for Load Balancing

The Platform Limit, Maximum Licensed User Count and Cluster Name attribute values are available for optimal load balancing.

Release 9.1R2

Alert based integration with Nozomi Networks

PPS along with Nozomi Networks provides threat detection and threat response in ICS/OT environ-ment.

Backup configs and archived logs on AWS S3/Azure Storage

Two new methods of archiving the configurations and archived logs are available apart from SCP and FTP methods:

PPS/PCS supports pushing configurations and archived logs to the S3 bucket in the Amazon AWS deployment and to the Azure storage in the Microsoft Azure deployment.


EasiSMS Gateway Support

PPS supports EasiSMS gateway through the SMTP server. EasiSMS uses an email format to send SMS to end user mobile phones.

Flag Duplicate Machine ID in access logs

Pulse client expects the machine ID is unique on each machine. If multiple endpoints have the same machine ID, for security reasons, the existing sessions with the same machine id are closed.

A new access log message is added to flag the detection of a duplicate Machine ID in the following format:

Message: Duplicate machine ID "<Machine_ID>" detected. Ending user session from IP address <IP_address>. Refer document KB25581 for details.

Migration of Cisco ACS RADIUS/TACACS+ client configuration to PPS

Migrating RADIUS/TACACS+ client configuration configured on the Cisco ACS device.

Report Max Used Licens-es to HLS|VLS

The licensing client reports maximum used sessions count instead of the maximum leased licenses count. For MSP customers, this change helps in billing the tenants based on maximum sessions used.

V3 to V4 Opswat SDK mi-gration

PPS supports the migration of servers and clients to Opswat v4 to take advantage of latest updates.

VA Partition

PCS/PPS supports upgrading from PCS 8.2Rx/ PPS 5.3Rx to 9.1R2 for the following supported plat-forms:




When upgrading a VA-SPE running PCS 8.2R5.1/PPS 5.3Rx or below that was deployed with an OVF template to a higher version, the upgrade was failing. This feature solves the upgrade problem for VMWare, KVM and Hyper-V. Refer KB41049 for more details.


Profiler dashboard update

Profiler dashboard supports chart for Profile Groups. This chart is also part of downloaded PDF report.

Windows defender and Microsoft Security Essen-tials support

Agentless Host Checker with Profiler supports Windows defender and Microsoft Security Essentials.

Release 9.1R1

DNS traffic on any physical interface

Prior to 9.1R1 release, DNS traffic was sent over the Internal interface. Starting with 9.1R1 release, an administrator can modify the DNS setting to any physical interface namely Internal Port, External Port or Management Port.

Google Auth Multi Factor Authentication

TOTP server can be added as a secondary auth server in PPS.

Machine certificate check on MacOS

Machine certificate check on Mac OS is now supported for PPS.

Meraki 802.1x and Guest Access support

802.1X and Guest Access support is qualified with Cisco Meraki WLC.

RADIUS server capability on External port

802.1X authentication is now supported on external port.

SAML Auth Server support

PPS can be configured as SAML service provider (SP) for all industry standard SAML IdP's.

Session bridging for Linux Platform

PPS supports bridging the Layer 2 Native Supplicant 802.1X session with Layer3 Agentless (Browser based) Session on Linux platform.

Session Migration using Cert authentication

Session migration in an IF-MAP federated network supports Cert Auth and SAML auth

SNMP Enforcement using ACL (Cisco, HP, Juniper)

SNMP enforcement using ACL is supported for Cisco, Juniper and HP switches.

TACACS+ Enhancements - DB sync, pass back attributes to devices such as F5 and Juniper

TACACS+ authorization support for Administrators using custom attributes for Juniper and F5 devices.

TACACS+ configuration synchronization across WAN cluster



Distributed Profiler Enhancements

The Administrators can sync the profiled data from one Profiler to another from the profiler auth server configuration page. Multiple branch offices can sync their profiled data to central office. Ad-min can view the Device Discovery Report to view and control the multiple offices.

Profiler Device Age Out

Profiler device age-out interval configuration allows admin to automatically delete the devices from the database. Admin can define the age-out interval for a group of devices also using Profile Groups

Profile Windows devices using SNMP (HOST)

SNMP-HOST Collector is a collection method that receives endpoint information where the end-points are monitored through SNMP. Admin can configure subnets to scan and community strings in profiler auth server configuration page.

Approval for Profile Groups

Administrator can select "needs approval" for selected Profiler group.

Key-value based search in DDR

Administrator can search in DDR with key value-based query. Query syntax is similar to that of pro-file groups.

Publishing IP address from Profiler to Active User Session

Admin can add IP address from Profiler to active session for L3 enforcement when RADIUS account-ing is not enabled. This is supported only for MAC auth and dot1X.

Huawei switches added in supported list for Network Infrastructure Device

Admin can select Huawei switch from supported list in network infrastructure device page.