- Pulse Secure Client Configuration
- Pulse Secure Client Xml Configuration For Macos Windows 7
- Pulse Secure Client Xml Configuration For Macos Mac
Using the Advanced Client Configuration Feature
![Configuration Configuration](/uploads/1/2/6/5/126571604/828403773.png)
This topic describes the XML advanced client configuration that can be used by the PCS administrator to configure the custom settings, which are meant to solve a specific customer scenario without changing the PCS admin console. Admin can set these custom settings in the form of XML input through the Advanced Client Configuration UI feature. Pulse clients supporting these custom settings will consume them when connecting to this PCS, and the same would be applied on the client machines. From 9.0R3 release onwards, this feature will minimize the number of changes going into the PCS admin console, inorder to fulfull a custom requirement of a specific customer.
In the earlier Pulse client releases, i.e. prior to v5.2R2, the virtual adapter MTU was calculated based on the physical adapter MTU (of the host machine) and the MTU sent by the PCS.
Basically the formula used to calculate the virtual adapter MTU is:
MIN (Physical Adapter MTU, MTU from PCS, TCP MSS value + 40)
Pulse 5.0R1 and below: In the following versions, deploying Pulse Secure Desktop client on a shared operating system image is not supported. The following manual solution can be implemented if machines have been deployed with a duplicate machine guid. When deploying Pulse Secure Desktop client, which is pre-installed for a Windows OS image being shared across multiple endpoints, the guid value. Pulse Cloud Secure extends the same features from Pulse Secure to the cloud. With Cloud Secure, user authentication and device compliance are handled through Pulse Connect Secure. Users have easy and seamless access to both the cloud and data center using secure single sign-on with support for SAML 2.0 and strong authentication without passwords. KB44312 - Pulse Desktop Client end users are unable to reach resources via proxy server after upgrading to macOS 10.15 KB44321 - 'PulseSecure.pkg' can't be opened because Apple cannot check it for malicious software when installing Pulse Desktop Client installer (PKG file) on macOS 10.15.1 and above.
Following is one of the scenario where Firewall on the data path is stripping the TCP MSS options being advertised by the SA/PCS to the Pulse client. In this scenario, the TCP MSS value on the Pulse client will default to a minimum value of 536, and as a result the client side MTU calculation will result in a minimum MTU value of 576. Here, customer wants to ignore the TCP MSS options while calculating the Virtual Adapter MTU calculation.
If the administrator configures the Pulse Connect Secure sever with the following XML input in 'Advanced Client Configuration for Pulse Client' option, it will ignore TCP MSS options while calculating the virtual adapter MTU on client side.
- Select System > Configuration > Advanced Client Configuration to display the configuration page.
Figure shows the configuration page for Pulse Connect Secure.
- Enter the following XML input in 'Advanced Client Configuration for Pulse Client'.
<advanced-config>
<version>9.0.3</version>
<desktop-client-config>
<layer3-connection-config>
<adapter-config>
<ignore-tcp-mss>TRUE</ignore-tcp-mss>
![Pulse Secure Client Xml Configuration For Macos Pulse Secure Client Xml Configuration For Macos](/uploads/1/2/6/5/126571604/354358291.jpg)
Pulse Secure Client Configuration
</adapter-config>
Pulse Secure Client Xml Configuration For Macos Windows 7
</layer3-connection-config>
Pulse Secure Client Xml Configuration For Macos Mac
</desktop-client-config>
</advanced-config>
- Click Save Changes.
The advanced configuration setting 'ignore-tcp-mss' is Layer3 Adapter configuration setting and this will be consumed by the Pulse client as part of the IpsecConfig.
NOTE: This “ignore-tcp-mss” setting is applicable for the virtual adapter MTU calculation only for IPv4. By default, the setting is always false, and therefore the TCP MSS options are always considered for MTU by default. Admin has to explicitly set the ignore-tcp-mss setting to TRUE (case-insensitive), to ignore the TCP MSS.