PulseSecure VPN
PulseSecure VPN is a remote access VPN solution that enables you to access on-prem resources. This document contains the best practices required in PulseSecure VPN and Netskope Client to ensure smooth interoperability.
Environments
Pulse Server Version: 9.1R14 (build 16847)
Pulse Client version: 9.1.14.13525
Netskope Client version: 94.1.1.960
Specific configurations in PulseSecure VPN and Netskope tenant web UI ensure processes or traffic from either of the applications are not blocked or directed to the Netskope Cloud.
Configurations In PulseSecure VPN
Create VPN Connection Profile
In the admin console, navigate to Users > Resource Policies > VPN Tunneling > Connection Profiles.
On the Connection Profiles page, click New Profile and enter the IPv4 Address Pool range. (You can use the pool from the AWS External VPC subnet IP range.)
Set the Connection settings as ESP mode.
Set the Split Tunnel DNS Search order as Search the device's DNS servers first, then client.
Save the profile.
Create VPN Split Tunnel Resource
In the admin console, navigate to Users > Resource Policies > VPN Tunneling > Split tunneling networks.
Add a New policy and fill in the Name and description.
Enter the split tunnel web resources under FQDN Resources. For example, www.cnn.com.
Set Roles to Policy applies to ALL roles.
Set the Actions as Allow Access.
Save the configuration.
Enable Split Tunnel In User Roles Page
In the admin console, navigate to Users > User Roles > Role Name > VPN Tunneling and click Options.
Under Split tunneling, go to settings and choose Enable. You can choose Disable for Full-tunnel mode.
Under VPN Client Options, select Tunnel routes as the route precedence (applicable on Windows, Mac OS X, and Linux).
Save the configuration.
Configurations In Netskope Client
When installing Netskope Client along with a VPN client, configure exceptions in steering configurations to bypass traffic from the VPN client. To learn more about adding exceptions for third-party VPN apps, view Exceptions.
Create a Network Location
To add the VPN gateway server URL in Netskope Policy:
Go to Policies > Profiles > Network Location > New Network Location and select either Single Object or Multiple Objects.
To add a Single Object, provide an IP address, IP address range, or a CIDR netmask. When finished, click the adjacent + button, and then click Next. Enter a name for the network location, and then click Save Network Location.
To add Multiple Objects, upload a CSV file with multiple IP addresses or ranges. Enter a name for the network locations, and then click Save Network Location.
When finished, click Apply Changes.
Create Destination Location Exception
To add a Destination Location exception, go to Steering Configuration and select a configuration.
In the EXCEPTIONS tab, click the NEW EXCEPTION drop down list and select Destination Location.
In the New Exception pop-up window, select the Network Location profile from the list.
Click ADD to complete the process.
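The following check is an added example, not part of the Netskope or Pulse Secure documentation. It reviews the entries intended for the Network Location before they become a Destination Location exception, since every address listed there bypasses Netskope steering. The "start-end" range syntax, the 256-address review threshold, and the sample addresses are assumptions; confirm the accepted entry format in your tenant.

```python
import ipaddress

# Assumption: entries wider than this many addresses deserve manual review,
# because every address in the exception bypasses Netskope steering.
MAX_ADDRESSES = 256


def parse_entry(entry):
    """Return the list of ip_network objects covered by one entry.

    Accepts the three kinds the page lists: a single IP address, an
    IP address range (assumed written as "start-end"), or a CIDR block.
    Raises ValueError on anything else, including hostnames.
    """
    entry = entry.strip()
    if "-" in entry:
        start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if start.version != end.version or start > end:
            raise ValueError(f"bad range: {entry}")
        return list(ipaddress.summarize_address_range(start, end))
    # strict=True rejects CIDRs with host bits set, e.g. 10.0.0.5/24
    return [ipaddress.ip_network(entry, strict=True)]


def review_entries(entries):
    """Split entries into (accepted, findings) before they are uploaded."""
    accepted, findings = [], []
    for raw in entries:
        try:
            nets = parse_entry(raw)
        except ValueError as exc:
            findings.append((raw, f"invalid: {exc}"))
            continue
        size = sum(n.num_addresses for n in nets)
        if size > MAX_ADDRESSES:
            findings.append((raw, f"too broad: {size} addresses bypass steering"))
        else:
            accepted.append(raw.strip())
    return accepted, findings


# Constructed sample entries (documentation address ranges, not real gateways).
SAMPLE = ["203.0.113.10", "198.51.100.0/28", "192.0.2.1-192.0.2.20",
          "0.0.0.0/0", "10.0.0.5/24", "vpn.example.com"]

if __name__ == "__main__":
    ok, problems = review_entries(SAMPLE)
    print("upload:", ok)
    for raw, why in problems:
        print("review:", raw, "->", why)
```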
Netskope Client Functions
Refer to the list of validated use cases that you can use to verify Client operations.
PulseSecure VPN Validation
Ensure that the traffic is going through the VPN.