Note: The numbers in the parentheses are the associated internal support/engineering report numbers.
The Push Config functionality can push config files with a limit of 200MB. (PRS-243571) To substantially reduce the size of the config file, it is recommended to uncheck ESAP Versions and Pulse Secure Versions to help avoid large XML exports.
If a User Role has UI options enabled, and if any custom page URL under UI Options contains a variable (for example:
<USER>), the XML export of the role fails.
- XML Import/Export is not supported for bookmarks with uploaded Java applets. The PCS device generates an error message during the import operation. The workaround is to remove the applet bookmarks from the XML file and manually reconfigure them after the import has taken place.
- The system configuration contains the network settings, certificates, licenses. Export the entire config by going to Maintenance > Import/Export > Configuration.
- When replacing a standalone device for one that has been removed from the network go to Maintenance > Import/Export > Configuration page and select "Import Everything (Except Device Certificates).
- When adding a second standalone device with the same desired config as an existing standalone device, or one that will join an existing cluster, select "Import Device Certificates" then select the option to Import everything except network settings and licenses.
XML Import/Export for Basic Auth and NTLM auth resource policies is not supported. (31383)
When an XML Import or binary Import operation is performed on a cluster node, the operation can take 5-8 minutes to complete (including the time to synchronize this configuration across all the nodes in the cluster). There is no progress bar or other UI indication of progress during the import. This is also the case when a Push Config operation is applied to a target cluster.
If an XML file containing Pulse Collaboration settings is to be imported into an PCS device via the XML Import operation, or if a PCS device is the target for a Selective Push Config operation in which the incoming configuration contains Pulse Collaboration settings, the target PCS device must also have a Pulse Collaboration license installed.
The VLAN field under user role > General >Vlan/SourceIP is not supported by XML Import/Export. (35096)
When XML Export is performed on a user role that has VPN Tunneling enabled, the following role settings are not exported:
Enable TOS bits copy
XML Import/Export is not supported for Rewrite links in PDF files in the Web Options Role page. (49749)
Although the default operation with XML import is an implicit merge, only objects can be merged, not attributes. This fact may cause the result of an XML import to yield results that are unexpected.
For example, if you generate XML code to add additional VLANS to the list of "Selected Interfaces" (note:This feature is only seen on Virtual Appliances) under System > Traffic Segregation > (name of the network) - and your existing configuration already puts a number of VLANS in the list - then you import the XML, you will find that only the VLANS you specified in the XML code will appear in the "Selected Interfaces" list. The VLANS that were there previously will have moved to the "Available Interfaces" list. On the surface, this may appear that the merge command is not working; but it is. The reason for the behavior is that the VLANS on the list are attribute data types, and not objects.
To determine if a specific item is an attribute or an object, you can download the XML schema data under Maintenance > Import/Export > Export XML. In the schema data, some elements will list type="xsd:string" rather than any other type (or no "type=" data at all). That means that the element is an attribute and cannot be merged. In the example above, to add additional VLANS to the list, you would need to include all the VLANS that you want to be on the list in the XML code, rather than just those that you are wanting to add. (Sust# 7163)
- When a selected config is pushed, it would be of a merge operation where it will add the config from source machine, but it would not remove them. This design is to keep the integrity of the target PCS configuration.
- When entire configuration is pushed, it would be of delete operation and would replace the target PCS's configuration.