IAIT Product Test Review
Pulse Connect Secure 9.0R1: All access routes secured
IAIT thumbnail

With Pulse Connect Secure, Pulse Secure provides an enterprise-class VPN for mobile devices and desktops under Android, Chrome OS, iOS, Linux, macOS and Windows. Pulse Connect Secure (PCS)is built to ensure easy, protected access from any endpoint to corporate applications, data, and services whether existing in the data center or in the private cloud, public cloud or SaaS. In our test laboratory, we looked at how user friendly and comprehensive this solution is for hybrid IT secure access.

Pulse Connect Secure is available as either a physical appliance or as a virtual appliance in the company network. It controls the access of users from external networks to the existing services. Optionally, it is also possible to operate the product in a private or public cloud (AWS or Azure). In order for all users to be able to access their organisation’s resources at all times, the solution offers an extensive feature set. These include the protection of applications and data that are located at various locations, including SaaS applications such as Office 365.

In addition to that, there is also the client-free access via a web interface, the integration of services such as Active Directory and LDAP as well as support for two-factor authentication, SAML 2.0, PKI and IAM respectively digital certificates. A built-in host checker, which ensures that the connecting device complies with the company’s security requirements, is also part of the scope of features. To this end, the system classifies the endpoint devices prior to authentication on the basis of pre-defined policies and only allows access if the conditions within the policies are satisfied.

In addition, there is also secure access to the virtual desktop interface (VDI) from leading manufacturers, such as Citrix XenApp/XenDesktop and VMware Horizon, granular auditing to ensure compliance, the integration of mobile device management products (MDM) and a universal client for both remote and onsite use to ensure smooth roaming. The solution is managed through an intuitive, centralized web interface.

In practice, Pulse Connect Secure works as a layer 3, 4 and 7 SSL VPN with granular access control and as an application VPN that tunnels the traffic between specific applications to certain targets. There is also IPSec/IKEv2 support for mobile devices. In addition, there are also spilt tunnelling features, authentications using hardware token, smart cards, soft token, one-time passwords and certificates as well as RDP, Telnet and SSH sessions on the basis of HTML5. A granular SSL cipher configuration is equally possible.

In Summary

The Pulse Connect Secure VPN appliance is perfectly suited to establish secure means of access to company resources via any kind of connection, whatsoever. In our test, the solution was able to score highly across a very large scope of functions. In our tests, we covered the client-free and client-based access options, the enterprise onboarding, the host checker, the connection sets, and the FQDN split tunnelling – we found these comprehensive features to offer administrators highly flexible configuration options.

Despite the vast range of applications, data stores, and services, Pulse Connect Secure proved to be relatively straight forward to be set up and managed. Both the wizards and the extensive documentation are helpful with this. In the test, it was easy to integrate our appliance into the vendor’s central cloud-based management tool Pulse One. Administrators looking for an efficient solution for securing access to their company resources should definitely take a look at Pulse Policy Secure.

The Test 

In the test, we installed a virtual PCS appliance in our network, configured it, and then accessed our backend services using the VPN it provided. In addition, we also took a close look at the authentication with a local user account and a time-based one-time password with Google Authenticator, the host checking feature, as well as enterprise onboarding. We also worked with various connection sets and analysed the configuration tool with its scope of functions and its wizards.