Pulse Secure Connection Set Options
The following items apply to all connections in a connection set.
- Allow saving logon information—Controls whether the Save Settings check box is available in login dialog boxes in the Pulse client. If you clear this check box, the Pulse client always requires users to provide credentials. If you select this check box, users have the option of saving their credentials.
The Pulse Secure client can retain learned user settings. These settings are retained securely on the endpoint, evolving as the user connects through different Pulse servers. The Pulse Secure client can save the following settings:
- Certificate acceptance
- Certificate selection
- Username and password
- Proxy username and password
- Secondary username and password
Note: If the authentication server is an ACE server or a RADIUS server and authentication is set to Users authenticate using tokens or one-time passwords, Pulse ignores the Allow saving logon information option. If the user sees a username and token prompt and the Save settings check box is disabled. Pulse supports soft token, hard token, and smart card authentication.
When a user opts to save settings, that information is used for each subsequent connection without prompting. If a setting changes (for example, if a user changes a password), the saved setting is invalid and connection attempts fail. In this case, the user must use the client’s Forget Saved Settings feature, which clears all user-saved settings.
- Allow user connections—Controls whether connections can be added by the user.
- Display splash screen—Clear this check box to hide the Pulse splash screen that normally appears when the Pulse client starts.
- Dynamic certificate trust—Determines whether users can opt to trust unknown certificates. If you select this check box, a user can ignore warnings about invalid certificates and connect to the target Pulse server.
- Dynamic connections—Allows connections within this connection set to be automatically updated or added to a Pulse Secure client when the user connects to the Pulse server through the user Web portal, and then clicks the Pulse button. Dynamic connections are created as manual rather than automatic connections, which means that they are run only when the user initiates the connection or the user browses to a Pulse server and launches Pulse from the server’s Web interface.
If dynamic connections are disabled, and the user logs in through the Web portal of a Pulse server that is not already included in the Pulse client’s connection set, then starting Pulse from the Web portal does not add a new Pulse connection for that Pulse server. If you choose to disable dynamic connections, you can still allow users to manually create connections by enabling Allow User Connections.
- FIPS mode enabled—Enable FIPS mode communications for all Pulse connections in the connection set. The Federal Information Processing Standard (FIPS) defines secure communications for the U.S. government. When a Pulse connection is operating in FIPS mode, FIPS On appears in the lower corner of the Pulse client interface. If the Pulse server hardware does not support FIPS mode operations, FIPS mode configuration options are not present in the admin console interface. FIPS mode operations are supported on PSA-V Series Pulse Secure Gateways and some SA series appliances. The device must be running Pulse Policy Secure R5.0 or later or Pulse Connect Secure R8.0 or later.
Note: Users cannot enable FIPS mode from within the Pulse client. You must create FIPS-enabled connections on the server and deploy them.
- Wireless suppression—Disables wireless access when a wired connection is available. If the wired connection is removed, Pulse enables the wireless connections with the following properties:
- Connect even if the network is not broadcasting.
- Authenticate as computer when computer information is available.
- Connect when this network is in range.
Note: Wireless suppression occurs only when the wired connection is connected and authorized. If you enable wireless suppression, be sure to also configure a connection that enables the client to connect through a wired connection.