Session Bridging using Certificate Authentication

Introduction

On Mac OS X, Windows, and Linux endpoints that use the native supplicant, PPS Host Checking can be enforced only for the Layer 3 connection. Once the endpoint authenticates using the native supplicant and gains network access, you can launch and install the Pulse Secure client through web browser deployment or an SCCM advertisement to establish a Layer 3 session.

The Layer 3 session evaluates the health status of the endpoint, ensuring legitimate access to resources behind the PPS Enforcer. PPS maintains only one session for the Layer 2 and Layer 3 connections, which consumes a single license.

For agentless host checking, the native supplicant performs 802.1X authentication, and the compliance check is performed through a browser-based agentless Layer 3 session. The Layer 2 and agentless Layer 3 sessions are bridged on PPS to provide compliance-based Layer 2 access control. Access control uses the RADIUS return attribute Filter-ID together with RADIUS CoA.
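
The Filter-ID change mentioned above travels in a RADIUS CoA-Request (RFC 5176). The following Python is an added example, not Pulse Secure code: it builds such a request and applies the length and Request Authenticator checks a receiving switch performs before accepting the new filter. The shared secret, MAC address and filter name are constructed placeholders.

```python
import hashlib
import hmac
import struct

COA_REQUEST = 43                          # RFC 5176 packet code
FILTER_ID, CALLING_STATION_ID = 11, 31    # RFC 2865 attribute types

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type, Length, Value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 octets")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_coa(ident: int, secret: bytes, attrs: dict[int, bytes]) -> bytes:
    """Policy-server side: authenticator = MD5(header + 16 zero octets + attrs + secret)."""
    body = b"".join(attr(t, v) for t, v in attrs.items())
    header = struct.pack("!BBH", COA_REQUEST, ident, 20 + len(body))
    auth = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + auth + body

def parse_coa(packet: bytes, secret: bytes) -> dict[int, bytes]:
    """Switch side: verify length and authenticator, then return the attributes."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or length != len(packet):
        raise ValueError("not a well-formed CoA-Request")
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Request Authenticator")
    attrs, pos = {}, 20
    while pos < length:
        # Each attribute needs a 2-octet header and must fit in the packet.
        if pos + 2 > length or not 2 <= packet[pos + 1] <= length - pos:
            raise ValueError("bad attribute length")
        a_type, a_len = packet[pos], packet[pos + 1]
        attrs[a_type] = packet[pos + 2:pos + a_len]
        pos += a_len
    return attrs

# Constructed sample values: secret, MAC address and filter name are placeholders.
SECRET = b"example-shared-secret"
SAMPLE = build_coa(7, SECRET, {
    CALLING_STATION_ID: b"00-11-22-33-44-55",
    FILTER_ID: b"compliant-acl",
})
```

A request whose authenticator does not verify against the shared secret is rejected before any attribute is read, so the filter applied to the port can only be changed by a holder of that secret.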

Session Bridging Support Matrix

| Clients | Session | Operating System | Authentication Mechanism |
|---|---|---|---|
| Pulse Client/Browser Sessions (Agentless) | Layer 3 | Windows/Mac OS X | User Name, Password/Certificate |
| Native Supplicant | Layer 2 | Windows/Mac OS X | 802.1X, SNMP, RADIUS, MAC Authentication |