MRD Template - Juniper Networks

Pulse Policy Secure 5.2R1
Release Notes
Pulse Policy Secure version 5.2 R1 Build 28769
Pulse Client version 5.1 R2 Build 54585
Odyssey Access Client version 5.60.27023
Product Release 5.2
Document Revision 1.0
Published: 2015-03-31
© 2015 by Pulse Secure, LLC. All rights reserved
Pulse Policy Secure Release Notes
Table of Contents
Hardware Platform ___________________________________________________________________ 4
Virtual Appliance Editions ______________________________________________________________ 4
Interoperability and Supported Platforms _________________________________________________ 4
Upgrading to Pulse Policy Secure 5.2R1 ___________________________________________________ 5
New Features ________________________________________________________________________ 5
Fixed Issues _________________________________________________________________________ 6
Open Issues _________________________________________________________________________ 6
Documentation ______________________________________________________________________ 8
Documentation Feedback ________________________________________________________________ 9
Technical Support ______________________________________________________________________ 9
Requesting Technical Support ___________________________________________________________ 9
Revision History ________________________________________________________________________ 9
© 2015 by Pulse Secure, LLC. All rights reserved
Page 2 of 10
Pulse Policy Secure Release Notes
List of Tables
Table 1: Virtual Appliance Qualified Systems ........................................................................................... 4
Table 2 Upgrade Paths ............................................................................................................................. 5
Table 3 List of New Features .................................................................................................................... 5
Table 4 List of Issues Fixed in this Release ................................................................................................ 6
Table 5 List of Open Issues in this release ................................................................................................ 6
Table 6 Documentation ............................................................................................................................ 8
Table 7: Revision History .......................................................................................................................... 9
© 2015 by Pulse Secure, LLC. All rights reserved
Page 3 of 10
Pulse Policy Secure Release Notes
Hardware Platform
You can install and use this software version on the following hardware platforms:

IC4500, IC6500, IC6500 FIPS, MAG2600, MAG4610, MAG6610, MAG6611, MAG
SM160, MAG SM360
Virtual Appliance Editions
This software version is available for the following virtual appliance editions:

Demonstration and Training Edition (DTE)
Service Provider Edition (SPE)

Table 1: Virtual Appliance Qualified Systems
Platform
VMware
KVM

Qualified System



IBM BladeServer H chassis
BladeCenter HS blade server
vSphere 5.1, 5.0, and 4.1


QEMU/KVM v1.4.0
Linux Server Release 6.4 on an Intel Xeon CPU L5640 @ 2.27GHz
o NFS storage mounted in host
o 24GB memory in host
o Allocation for virtual appliance: 4vCPU, 4GB memory and 20GB disk
space
To download the virtual appliance software, go to:
http://www.pulsesecure.net/support/
Interoperability and Supported Platforms

Refer to the Supported Platforms document on the software download site for details
about supported versions of the Screen OS Enforcer, the Junos Enforcer, client
browsers, client smart phones, and client operating systems. Go to:
http://www.pulsesecure.net/support/
© 2015 by Pulse Secure, LLC. All rights reserved
Page 4 of 10
Pulse Policy Secure Release Notes
Upgrading to Pulse Policy Secure 5.2R1
Table 2 Upgrade Paths
Release
Description

Pulse Policy Secure
Software Upgrade
Automatic updates to this release are supported for all
PPS releases after and including PPS 4.4 R1.

This release does not support IC4000 and IC6000 devices.
These hardware models have reached end-of-life (EOL).
Pulse Secure Desktop 5.1R2
Client Software Upgrade
Refer to the Pulse Secure Desktop Client 5.1 release notes.
Odyssey Access Client
Upgrade
In this release same version of Odyssey client is retained.
PPS Agent (OAC)
An IC Series device can handle 1500 concurrent endpoint
upgrades.
Standalone OAC Client
This release supports the standalone, non-PPS version of
Odyssey Access Client. Instructions for installing OAC on
standalone clients are contained in the help guide under the
section Getting Started > Initial Configuration.
Endpoint Security Assessment
Plug-in (ESAP) Compatibility
ESAP package version 2.6.6 is the minimum version to be
compatible with Pulse Policy Secure version 5.2R1. The
default version for ESAP is 2.6.6
Network and Security Manager
(NSM) Compatibility
NSM is not supported
New Features
Table 3 describes the major features that are introduced in this release.
Table 3 List of New Features
Feature
Description
Wireless LAN Controller (WLC)
external captive portal
integration
Ability to deploy Guest access management on Cisco and Aruba
WLAN
Guest Self-service registration
Self-service registration of guests to obtain network access
User Experience
Enhancements for Guest
Refreshed user-experience through revamp of the existing User
Interface for both Guest users as well the Guest User Access
© 2015 by Pulse Secure, LLC. All rights reserved
Page 5 of 10
Pulse Policy Secure Release Notes
Access
Managers
IF-Map Rebranding
Introduced Pulse Secure brand and trademarks in IF-MAP vendor
specific metadata types
Addition of Funk-DestinationIP-Address attribute
Ability to enable administrator to assign realm based on Radius
incoming port
Fixed Issues
Table 4 lists issues that have been fixed and are resolved by upgrading to this release.
Table 4 List of Issues Fixed in this Release
PR Number
Release Note
PRS-323316
When many authentication requests are pending at the same time, SBR consumes lot
of memory leaving very less memory for system to continue to work. To avoid this
situation, the number of pending authentication requests in SBR have been reduced.
Open Issues
Table 5 lists open issues in this release.
Table 5 List of Open Issues in this release
PR Number
Release Note
PRS-324568
Guest user sessions are reported as "802.1x Auth" in "Auth Mechanism" chart on
dashboard charts.
PRS-325099
If customer deployed/using GUAM prior to 5.2 and when upgraded to 5.2 old Login is
shown, however the rest of pages (such as summary, create user, create many user,
edit pages...and so on) will have new User Interface(UI). To get the latest Login page
UI, admin needs to enable "Use this signin policy for Guest and Guest admin to use
specific pages." in the SignIn-URL they used prior to 5.2
PRS-322455
Guest user session does not display Agent Type in Active Users page in Wireless
LAN Controllers deployment
PRS-325099
Customization of GUAM pages is no longer supported in 5.2, If customer using
customization using custom sign-in pages (i.e. using sample) prior to 5.2 and when
upgraded to 5.2 customization done prior to 5.2 is lost.
PRS-322691
"Change password at first/next login" option will not be supported in GUAM for
Wireless LAN Controller (WLC) case. This option should not be enabled. If enabled, it
will not have any effect.
© 2015 by Pulse Secure, LLC. All rights reserved
Page 6 of 10
Pulse Policy Secure Release Notes
PRS-317090
IPSec use-cases will not work if Fed client-1(Authentication PPS) is upgraded, due to
change in public key. The new public key needs to be re-published to Fed client2(Enforcer PPS).
Workaround: Reboot the Fed client-2 so it can fetch new public key from Fed client-1
PRS-318004
When an active node of a Pulse Policy Secure Active/Passive cluster, configured for
IPSec Enforcement using Virtual Adapter, is rebooted, the ssh session to the SRX
protected resource is disconnected. Work around is to restart ssh session to the
protected resource.
PRS-322433
Cisco WLC running 7.6.130.0 does not apply session time-out sent by PPS in the
RADIUS Access Accept, if there is a session-timeout configured already on the WLC
for the WLAN.
PRS-321071
Deleting user from Pulse Policy Secure active user page does not disconnect the
Cisco 2500/5500/7500/8500 WLC wireless user
PRS-325011
With Host Check interval set to non-zero when client machine comes back from sleep
or hibernation, Pulse Secure client does not resume 802.1x connection.
PRS-321068
Guest Access: After login through web auth (captive portal), client does not go to vlan
id sent from IC.
Workaround: Use a RADIUS Filter-ID attribute to restrict the guest’s access
PRS-325108
For Pulse Policy Secure, the agentless Host Checker version on Mac OSX is
incorrect in versioninfo.ini file
PRS-324891
When Pulse Secure client 802.1x connection is resumed after Pulse Policy Secure
(PPS) Active-Passive cluster fail-over, host check does not happen immediately and it
is evaluated after the configured host check interval.
PRS-322623
Guest Access: With Aruba Wireless Controller, CHAP for captive portal radius
authentication is not supported because Aruba Wireless Controller uses not standard
implementation of CHAP.
Workaround: Use PAP for captive portal radius authentication.
PRS-322503
Guest Access: With Aruba Wireless Controller, change of VLAN by specifying in the
new role does not work for captive portal.
Workaround: Use Filter-ID Radius attribute to restrict the guest user’s access.
PRS-324342
With PPS in Active/Passive cluster mode, deleting the user from active user page
does not disconnect user from Cisco WLC
PRS-322367
With new guest sign-in pages, admin will not be given an option to configure PostAuth Sign-in Notification
© 2015 by Pulse Secure, LLC. All rights reserved
Page 7 of 10
Pulse Policy Secure Release Notes
Documentation
Table 6 describes the documentation set. The documentation is available at
http://www.pulsesecure.net/support.
Table 6 Documentation
Title
Description
Getting Started
Release Notes
A release summary, including lists of new features, changed features,
known issues, and fixed issues.
Supported Platforms
List of client environments, third-party servers, and third-party applications
that have been tested and are compatible with the software release.
Getting Started Guide
How to complete a basic configuration to get started using the solution.
Licensing Guide
How to install any licenses that might be required.
IC Series to MAG Series
Migration Guide
How to migrate the system configuration and user data to the newer
platform.
Virtual Appliance
Deployment Guide
How to install, configure, and use the virtual appliance edition.
Administration Guides
Complete Software
Guide
The complete collection of user documentation for this release in PDF
format.
Administration Guide
How to complete the network and host configuration and how to use
certificate security administration, configuration file management, and
system maintenance features.
Feature Guides
Guest Access Solution
Configuration Guide
A complete guide to guest access solution which enables self-registration of
guest over WLC and enable administrator to manage guest user access
privileges.
© 2015 by Pulse Secure, LLC. All rights reserved
Page 8 of 10
Pulse Policy Secure Release Notes
Solutions
Endpoint Security
Feature Guide
Describes Host Checker and Cache Cleaner settings.
Developer Reference
Guide
Custom Sign-In Pages
Developer Reference
A reference on customization sign in pages
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can improve the
documentation. You can send your comments to [email protected]
Technical Support
Technical product support is available through the Pulse Secure Global Support Center (PSGSC).


http://www.pulsesecure.net/support/
Call 1-888-314-5822 (toll-free in the USA, Canada, and Mexico).
If outside US or Canada, use a country number listed from one of the regional tabs
For more technical support resources, browse the support website:
http://www.pulsesecure.net/support/
Requesting Technical Support
To open a case or to obtain support information, please visit the Pulse Secure Support Site:
http://www.pulsesecure.net/support/
Revision History
Table 6 lists the revision history for this document.
Table 7: Revision History
Revision
Description
26 Mar 2015
Initial publication.
© 2015 by Pulse Secure, LLC. All rights reserved
Page 9 of 10
Pulse Policy Secure Release Notes
© 2015 by Pulse Secure, LLC. All rights reserved
Page 10 of 10