Pulse Secure Mobile Client for iOS forwards Web traffic to backend resources using the IP address of the Secure Access Gateway in the rewritten URL instead of the server host name.
For example, Pulse Secure Mobile Client for iOS forwards Web URLs using PTP to the backend resource server as:
Normally, Web URLs using PTP are forwarded to the backend resource server by host name as:
PTP supports only host names for the backend resource, and the secure session must also use the DNS name of the Secure Access Gateway. Normally, this condition is handled by adding an entry to the host file on the client PC or mobile device that associates the IP address of the Secure Access Gateway with its DNS host name, which allows PTP to work in this scenario. However, Apple iOS does not allow the host file to be modified. As a result, the Apple WebKit browser used by the Pulse client reports a Web server certificate mismatch, and the connection is denied.
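The mismatch described above is a host-name verification failure: a URL whose host is an IP literal is compared only against IP address entries in the certificate, never against its DNS names. The following is an added example, not Pulse Secure code; it assumes a gateway certificate that lists only DNS names, and the host names, address and certificate (in the dict shape of Python's `ssl` `getpeercert()`) are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed certificate in the dict shape returned by ssl.SSLSocket.getpeercert().
# Names are placeholders (assumption: the gateway certificate lists DNS names only).
GATEWAY_CERT = {
    "subject": ((("commonName", "gateway.example.com"),),),
    "subjectAltName": (("DNS", "gateway.example.com"),
                       ("DNS", "*.portal.example.com")),
}


def dns_name_matches(pattern, host):
    """Case-insensitive match; '*' may stand only for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def url_matches_cert(url, cert):
    """Return (ok, reason): is the URL's host covered by the certificate's SANs?"""
    host = urlsplit(url).hostname
    if not host:
        return False, "no host in URL"
    sans = cert.get("subjectAltName", ())
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None  # not an IP literal, so treat it as a DNS name
    if addr is not None:
        # IP literals are checked against iPAddress SAN entries only.
        ips = [v for k, v in sans if k == "IP Address"]
        if any(ipaddress.ip_address(v) == addr for v in ips):
            return True, "iPAddress SAN match"
        return False, f"IP literal {host} not in certificate (iPAddress SANs: {ips})"
    names = [v for k, v in sans if k == "DNS"]
    if any(dns_name_matches(n, host) for n in names):
        return True, "dNSName SAN match"
    return False, f"host {host} not in certificate (dNSName SANs: {names})"
```

Running the check over rewritten URLs before they reach the client shows which ones the browser will reject: any URL addressed by IP fails unless the certificate also carries that address as an IP SAN.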