Products
Solutions
Partners
Support


Pulse Policy Secure
The power of Network Access Control with the simplicity of elegant design.
Visibility
On-box Pulse Secure Profiler
Description

  • Endpoint visibility into on-premise and remote connection via PCS
  • Fingerprinting Methods: DHCP Fingerprinting (Helper Address or RSPAN port), MAC OUI, SNMP/SNMP Traps, CDP/LLDP, HTTP User Agent, Nmap, WMI and MDM
  • Device Discovery Reporting & Dashboard with advanced filters and historical data

Benefits
 
  • Collect endpoint device profiling information and maintain dynamic, contextual inventory of networked devices including loT devices
  • View local and remote endpoints from single GUI
  • Monitor and manage devices for profile change
  • Supports comprehensive policy enforcement
  • Use device inventory for asset management
  • Useful for troubleshooting and visibility purpose

Advanced Network and Application Protection
Role-based, application-level enforcement
Desciption

  • Integration with best-of-breed next-generation firewalls adds enforcement at the network perimeter
    • Fortinet
    • Palo Alto Networks
    • CheckPoint
    • Juniper SRX
  • Policies can be defined to control time-of-day and bandwidth restrictions per application or per role.

Benefits
 
  • Enables access control and security policies to be applied to the application level, granularly protecting your network, applications, and data.
  • Ensures that users adhere to application usage policies, controlling access to applications such as instant messaging, peer-to-peer, and other corporate applications.

Automated patch assessment checks and remediation (optional)
Description

  • Can tie access directly to the presence or absence of specific hot fixes for defined operating systems and applications, and performs role-based, predefined patch management checks according to the severity level of vulnerabilities.
  • Installed Systems Management Server (SMS) and/or System Center Configuration Manager (SCCM) can be leveraged to automatically check for patch updates, quarantining, remediating, and providing authorized network access once a device has been remediated.

Benefits
 
  • Enables enhanced, granular endpoint device health and security state assessments.
  • Minimizes user interaction and downtime through automatic remediation and management of patches for endpoint devices, reducing help desk calls.

Identity-based admission control
Description

  • Combines identity-aware capabilities of Pulse Policy Secure with the robust networking and security services of Fortinet, Palo Alto Networks, Checkpoint, and Juniper SRX Series Firewalls, enabling each to be employed as policy enforcement points.

Benefits
 
  • Dynamic assessment and enforcement for every device/user connects to the network
  • Reduces Mean Time to Respond (MTTR)
  • Extend BYOD to perimeter to grant/deny access to specific user or device.

Automated Threat Response
Description

  • Leverages next-generation firewall’s intelligence driven threat detection to take automated actions by Pulse Policy Secure at the device and user level. Pulse Policy Secure’ comprehensive policy engine and rich contextual information allows it to take different actions based on threat severity and mitigate security risk further.

Benefits
 
  • Addresses and mitigates network insider threats quickly and simply.
  • Minimizes network and user downtime.

Captive portal
Description

  • If a user attempts unauthorized network access via a Web browser, administrators have an option to redirect the user to a Pulse Policy Secure enabled PSA Series or MAG Series Appliance (Hardware or Virtual) for authentication.
  • Once the user logs into the PSA Series or MAG Series Appliance with appropriate credentials, Pulse Policy Secure and the PSA Series or MAG Series appliance will redirect the Web browser back to the original resource from which it had been redirected.

Benefits

  • Provides network access control for guests and contractors

Identity-Enabled Network and Application Control, Visibility, and Monitoring
Federation
Description

  • Federation of user sessions between Pulse Connect Secure (SSL VPN) and the Pulse Policy Secure, both running on PSA or MAG Series Appliances, enables seamless provisioning of remote access user sessions into LAN access user sessions upon login, or alternatively LAN access user sessions into remote access user sessions at login.
  • Allows a remote access user connected via SSL VPN to a PSA or MAG Series Appliance with Pulse Policy Secure to be granted seamless access to the LAN and its protected resources through a PSA or MAG Series Appliance running Pulse Policy Secure, without needing to re-authenticate.
  • Users authenticated to one Pulse Policy Secure-enabled PSA or MAG Series Appliance may, if authorized, access resources protected by another Pulse Policy Secure-enabled PSA or MAG Series Appliance, enabling “follow-me” policies.
  • Pulse Policy Secure leverages the TCG’s Trusted Network Connect standard IF-MAP protocol to enable federation.

Benefits
 
  • Offers a consistent user access experience.
  • Enables location awareness and session migration capabilities in Pulse Secure Solution.

Identity-enabled firewalls
Description

  • Combines identity-aware capabilities of Pulse Policy Secure with the robust networking and security services of Fortinet, Palo Alto Networks, Checkpoint, and Juniper SRX Series Firewalls, enabling each to be employed as policy enforcement points.

Benefits
 
  • Drastically increases scalability for data center environments and branch offices alike.

User role-based AppSecure policies
Description

  • Configures application-aware firewall policies in Fortinet, Palo Alto Networks, CheckPoint, and Juniper SRX Series firewalls based on the role of an authenticated user to Pulse Policy Secure.
  • Empowers deployed Fortinet, Palo Alto Networks, CheckPoint, and Juniper SRX Series Firewalls to utilize user role information to apply granular policies for application access based on a specific user’s identity.

Benefits
 
  • Adds identity-awareness to application- aware firewall policies, delivering fi access control granularity.

Mobile Device Management (MDM) Integration
Description

  • Allows for policy based on mobile device attributes and state collected from 3rd party MDM vendors such as MobileIron and AirWatch solutions.
  • Enables virtually transparent deployment of fully configured Pulse Clients for simplified mobile SSL VPN connectivity and NAC role-based access.
  • Consolidates mobile device and policy management controls reducing operational complexity

Benefits
 
  • Reduces complexity and increases policy intelligence to simplify and secure BYOD efforts for both IT and end-users

Standards-Based, Interoperable Access Control
TNC open standards support, including IF-MAP support and Windows SOH and embedded NAP Agent support (optional)
Description

  • Adopts and provides strong support for the TCG’s TNC open standards for network access control and security.
  • Adopts the TNC’s open standard IF-MAP, enabling integration with third- party network and security devices, including devices that collect and (through IF-MAP) share information on the state and status of a network, user, or device.
  • Pulse Policy Secure-enabled PSA or MAG Series Appliance can serve as Metadata Access Point (MAP) servers, enabling collected data to be used in formulating policies and appropriate access actions.
  • Through the TNC SOH standard, leverages preinstalled Windows 10, Microsoft Windows 8.1, Windows 8, Windows RT, Windows 7, Windows Vista, clients for access control with the Pulse Access Control Service, allowing use of the Windows Security Center (WSC) SOH in access control decisions.

Benefits
 
  • Empowers organizations to select endpoint and network security solutions that meet their needs without concern for interoperability.
  • Enables ease of deployment, leading to faster ROI.
  • Integrates existing, third-party network and security devices into the access control platform.
  • Streamlines client deployment, simplifying access control rollout and implementation.

RADIUS / 802.1x Support
Description

  • Support robust industry standard RADIUS and 802.1x (IEEE standard) protocol for port-based network access control. It provides an authentication mechanism for devices and users attempting to connect to wired and wireless LANs so that only authorized connections are allowed.

Benefits
 
  • Guarding mission-critical applications and sensitive data.
  • 802.1x authentication combined with AES encryption improves security.
  • 802.1x with RADIUS CoA improves user experience without starting entire process of authentication and allows devices to change VLAN/ACL for the endpoint based on roles.
  • 802.1x with RADIUS return attributes simplifies Role-based Access for endpoints.
  • In-built RADIUS server offers scalable 802.1x deployment with Role-based access control.
  • Provides expanded interoperability with industry leading Cisco, HP/Aruba and Brocade/Ruckus network infrastructure. No firewall enforcement is required.

SNMPv1/v2c/v3 Support
Description
 
  • Supports endpoint and network device Visibility with SNMP v1/v2c/v3. The endpoints are discovered through SNMP Traps and network devices are discovered with SNMP discovery mechanism.
  • Pulse Policy Secure also support SNMP enforcement for MAC based authentication and role assignment. After MAC authentication, Layer 3 Pulse session used for comprehensive host checking capability.

Benefits
 
  • Endpoint and Network Device Visibility
  • Ease of NAC deployment with SNMP enforcement based on compliance and role-base access
  • Support hybrid NAC deployment (802.1x for wireless network and SNMP for wired network)
  • Reduce CAPEX by supporting legacy switches that do not support 802.1x feature

Simple, Flexible Deployment
Guest access support
Description

  • Onetime guest user accounts are available.
  • Guest user accounts may also be provisioned with a predefined timeout period.
  • Administrators control the maximum time duration allowed.
  • Reception and other nontechnical enterprise employees can host/provision secure guest user accounts dynamically through easy-to-use guest user account management.
  • Bulk account creation can be used to create a large number of guest user accounts.
  • The ability to send guest user credentials via e-mail to an expected guest user simplifies guest account creation.

Benefits
 
  • Enhances and simplifies an organization’s ability to provide secure, differentiated guest user access to its network and resources.

Centralized policy management
Description

  • Common configuration templates can be shared between Pulse Connect Secure (remote access control) and Pulse Policy Secure (network access control) deployments using Pulse One Security Manager.
  • Pulse One also provides a single management server that can configure key components of a Pulse Policy Secure deployment.

Benefits
 
  • Saves administrative time and cost and a superior user experience by delivering common remote and local access control policy implementation and enforcement across a distributed enterprise.
  • Makes possible and simplifies enterprise-wide deployment of uniform access control policies.

Common access licensing
Description

  • Only requires user licenses (with appropriate Pulse PSA or MAG Series Appliances) to initiate access control.
  • User licenses can either be used for concurrent user sessions with Pulse Policy Secure or Pulse Connect Secure.

Benefits
 
  • Simplifies the product licensing model that can be used across NAC and SSL VPN deployments. Note: Please see the Ordering Information section for the new common access license SKUs that can now be used for Pulse Policy Secure and Pulse Connect Secure.

Wizard-based configuration
Description

  • An optional, step by step configuration wizard to aid administrators in the configuration of five of the most common deployment scenarios, including:
    • System setup
    • RADIUS configuration
    • Guest user management
    • L2 enforcement
    • L3 enforcement
  • Tasks for a given deployment scenario are arranged in a well-defined, dependent order.
  • Wizard-based configuration admin UI navigates to the corresponding configuration screen when the administrator clicks on a particular task.

Benefits
 
  • Aids administrators in navigating and familiarizing themselves with configuration tasks in Pulse Policy Secure admin UI.

Intuitive dashboard
Description

New dashboard design provides:
  • System overview - system information, licenses used, total users, critical events, etc.Activity - Appliance statistics, authentication success/failure, compliance results, realms, etc.
  • Active user and endpoint management

Benefits
 
  • The rich data representation of endpoints visibility, activity monitoring and system overview enables administrators to quickly analyze and troubleshoot overall network security posture assessment.

Dynamic authentication policy
Description

  • Leverages an organization’s existing investment in directories, Public Key Infrastructure (PKI), and strong authentication.
  • Supports 802.1X, RADIUS, Lightweight Directory Access Protocol (LDAP), Microsoft Active Directory, SQL (Oracle), RSA Authentication Manager, Network Information Service (NIS), certificate servers (digital certificates/PKI), local login/password, CA SiteMinder, RSA ClearTrust, and RADIUS Proxy.
  • Supports RADIUS CoA (Change of Authorization) Change the attributes of an authentication, authorization, and accounting session during re-authentication process

Benefits
 
  • Saves time and expense by leveraging and interfacing with existing AAA infrastructures.
  • Establishes a dynamic authentication policy for each user session.
  • Enables support—through RADIUS proxy—for deployments where certain authentications are supported by a backend RADIUS server.
  • Provides expanded interoperability with Cisco, HP/Aruba and Brocade/Ruckus network infrastructure. Without starting entire process of authentication, RADIUS CoA allows devices to change the VLAN/ ACL for the endpoint based on roles. No firewall enforcement is required.

Dynamic addressing of unmanageable endpoint devices
Description

  • Employs media access control (MAC) address authentication via RADIUS, in combination with MAC address whitelisting and blacklisting; or, leverages existing policy and profile stores (through LDAP interfaces) or asset discovery or profile solutions for role- and resource-based access control of unmanageable devices such as networked printers, cash registers, bar code scanners, VoIP handsets, etc.

Benefits
 
  • Enhances network and application protection.
  • Makes it simpler and faster for organizations to deploy access control across their entire network regardless of device manageability.
  • Saves time and cost.

Pulse Secure/Pulse Policy Secure localization
Description

  • Provides localized UI, online help, installer, and documentation for Pulse Secure Solutions, supporting the following languages:
    • Chinese (Simplified)
    • Chinese (Traditional)
    • English
    • Korean
    • French
    • Spanish
    • Japanese
    • German
Benefits
 
  • Enables organizations to effectively deploy Pulse Policy Secure worldwide.

Granular auditing and logging
Description

  • Provides fine-grained auditing and logging capabilities, including access to Pulse Policy Secure RADIUS diagnostic log files, delivered in a clear, easy to understand format.
  • Captures detailed logging by the roles that users belong to, resources that they are trying to access, and the state of compliance of the endpoint and user to the security policies of the network.

Benefits
 
  • Simplifies the diagnosis and repair of network issues that arise.
  • Addresses industry and government regulatory compliance and audits.

Product Licenses and Options
Common access licenses
Description
 
  • With the Pulse PSA or MAG Series Appliances, common access licenses are available as user licenses. With common access licensing, licenses can either be used for Pulse Policy Secure (NAC) user sessions, or Pulse Connect Secure (SSL VPN) user sessions. Please refer to the Ordering Information section for more details.
  • For administrative ease of use, each license enables as many users as specified, and licenses are additive. For example, if a 100 user license was originally purchased and the concurrent user count grows over the next year to exceed that amount, simply adding another 100 user license to the system will allow support for up to 200 concurrent users. The maximum number of common access licenses for Pulse Policy Secure and Pulse Connect Secure varies per Pulse PSA or MAG Series Appliance.

Supported Appliances
PSA300, PSA3000, PSA5000, PSA7000c/f, MAG2600, MAG4610, MAG6610, MAG6611

Enterprise licenses
Description
 
  • Enterprise licenses allow any organization with one or more Pulse PSA or MAG Series Appliances to easily lease user licenses from one firewall to another, as required to adapt to changing organizational needs. The centralized licenses can be either perpetual or subscription licenses. Perpetual licenses feature a onetime charge; however, maintenance is an additional cost and an additional license is required to allow each Pulse PSA or MAG Series Appliance to participate in leasing.
  • Subscription licenses offer a more flexible and overall valuable option with one, two, or three-year terms. Subscription licensing requires a licensing server, either dedicated or partially dedicated. (Please note that the licensing server does require a hardware maintenance contract.)

Supported Appliances
PSA300, PSA3000, PSA5000, PSA7000c/f, MAG2600, MAG4610, MAG6610, MAG6611

IF-MAP server licenses
Description
 
  • Leveraging the TNC’s IF-MAP specification, a Pulse PSA or MAG Series Appliance with Pulse Policy Secure (as a standalone or in a cluster) may operate solely as a MAP server with no additional concurrent user licenses.
  • In this mode, the Pulse PSA or MAG Series Appliance with Pulse Policy Secure must have a MAP server license installed.
  • Mixed Pulse PSA or MAG Series Appliances and MAP server mode is defined as any Pulse PSA or MAG Series Appliance with Pulse Policy Secure that simultaneously acts as both a Pulse PSA or MAG Series Appliance with Pulse Policy Secure and as a MAP server, where a concurrent user license has been installed. In this case, the MAP server license is not required on that Pulse PSA or MAG Series Appliance.

Supported Appliances
PSA300, PSA3000, PSA5000, PSA7000c/f, MAG2600, MAG4610, MAG6610, MAG6611

Pulse Secure Profiler licenses
Description

  • This license enables organizations to detect and classify managed and unmanaged devices (local or remote) on the network for a complete visibility. It also enables RADIUS server functionality for AAA/RADIUS services running on Pulse PSA or Virtual appliances.

Supported Appliances
PSA300, PSA3000, PSA5000, PSA7000c/f, MAG2600, MAG4610, MAG6610, MAG6611

Role-based licenses
Description

  • With the Pulse PSA or MAG Series Appliances, Policy Secure licenses are available as user licenses. Please refer to the Ordering Information section for more details.
  • For administrative ease of use, each license enables as many users as specified, and licenses are additive. For example, if a 100 user license was originally purchased and the concurrent user count grows over the next year to exceed that amount, simply adding another 100 user license to the system will allow support for up to 200 concurrent users. The maximum number of Policy Secure license varies per Pulse PSA or MAG Series Appliance.

Supported Appliances
PSA300, PSA3000, PSA5000, PSA7000c/f, MAG2600, MAG4610, MAG6610, MAG6611

We'd love to chat with you

We've got so much to tell you about how our products can help you enable Secure Access for the next generation of your business, but we're also good listeners.