[Alert] After updating to Pulse Client for iOS 9.0.0, an issue has occurred where communication becomes impossible after connecting to VPN

Security business menu

Security business
HOME

To be elected
cause

Service

Handling Manufacturer

Examples/reports/
Blog/Glossary

Seminar/
video on demand

Event/Seminar

video on demand

[Warning] After updating to Pulse Client for iOS 9.0.0, there is an issue where communication is not possible after connecting to VPN.

event summary

It has been confirmed that Pulse Secure Client for iOS 9.0.0, which was released from January 15th to January 24th, will not be able to communicate after connecting to the VPN.

This issue occurs when using an affected PCS OS version and when Split tunneling is Disabled in VPN Options.

cause

This is a bug in Pulse Secure Client for iOS 9.0.0.

This does not apply to Pulse Secure Client for iOS 9.0.1 or later, if you updated after January 24th.

Permanent measures

Action by the client or VPN gateway (PSA) is required.

It was released to the Apple Store on January 24th, so please update as needed.

[client]
Use Pulse Secure Client for iOS 9.0.1 with bug fixes. This application is currently under verification and is scheduled to be released around 1/27, and we will update it again as soon as the information is updated.

[VPN Gateway (PSA)]
A workaround is possible by upgrading to PCS OS version 9.0 or 9.1, which are not affected by the following.

*If you are using MAG as a VPN gateway, you cannot upgrade to 9.0 or 9.1, so one of the following measures is required.

Version upgrade to the client with the bug fixed
Prepare PSA and upgrade to unaffected PCS OS version
Implement the workaround described below

Affected PCS OS Version

8.3Rx
8.2Rx
8.1 Rx

*There is no report for 8.0Rx or less at this time. If it occurs, we will add it, so we would appreciate it if you could report it to our support window below.

Inquiries about product specifications and functions

E-mail：pulsesecure@macnica.co.jp

*Please include the maintenance contract number and serial number in the email.

Hours: Weekdays (*) 9:00-12:00/13:00-17:00
*Excluding holidays specified by our company

PCS OS versions not affected

9.1Rx
9.0Rx

Preventive measures

If the version of Pulse Secure Client for iOS has been upgraded, it is not possible to downgrade due to Apple's specifications, so it is necessary not to upgrade the version.

If you are using iOS, automatic version updates are enabled by default, so please refer to the following article "Turn automatic updates on/off" to stop automatic updates of the app.

Apple official page

Workaround

We have confirmed in our environment that elephants are avoided.

1.Users > User Roles > [applicable Role] > VPN Tunneling > Options > Set Split tunneling to Enable

2. Under Users > Resource Policies > VPN Tunneling > Split-tunneling Networks, set one of the following:

・Create a policy with all destination IP addresses for VPN communication as Allow access (use VPN tunnel)

・Create a policy as Exclude access for any IP address that is not subject to VPN communication, such as 1.1.1.1
*If only Exclude access policy exists, other destinations (*:*) will be allowed and will go through the VPN tunnel (substantially the same state as split tunneling is disabled).

3. Apply the created policy to [Role]

[Important] This is a workaround setting when using the problematic client Pulse Secure Client for iOS 9.0.0. When the fixed version of Pulse Secure Client for iOS 9.0.1 is released, please delete the created Split-tunneling Networks and return to the state before the workaround setting was applied.

supplement

We will update this article as soon as the situation is updated.

Please also check the update status of the following manufacturer articles.

KB44347

Macnica
Pulse Secure product manager

TEL：045-476-2010
E-mail：pulsesecure-sales@macnica.co.jp

return