Reset Search



KB40126 - How to use the Pulse Secure Linux CLI client.

« Go Back


Last Modified Date5/31/2017 5:04 PM
This article describes the steps to install the Pulse client on Linux systems and the commands needed to initiate a VPN session.  Pulse Linux client is available with the release of Pulse Connect Secure 8.1R7 and above.
Problem or Goal
With the release of PCS 8.1R7, a Pulse client for Linux is available for the latest versions of Linux OS.  The Pulse Linux client was developed for command-line usage only and has been qualified on CentOS 6.4 and Ubuntu 14.04.  The packages are available as .rpm and .deb installers and can be distributed to Linux users from the PCS Admin Installers page or by downloading the installer packages from the PCS 8.1R7 software downloads page by logging into

The installer packages contain a README file that includes the basic command-line usage information.  As a supplement, this article also provides additional installation and usage instructions for supported Linux systems. 

Linux Pulse Client Pre-requisites:

  • PCS running 8.1R7+ or 8.2R1+.
  • PCS Host Name or IP Address. (Example: 
  • PCS Username and Password used to authenticate.
NOTE: SAML authentication support for Linux is added form Pulse Connect Secure 8.3R3 and Pulse Secure Desktop 5.3R3.
Note: The packages can be downloaded from the Pulse Connect Secure (PCS) software section version 8.1R7 in > "Support" > "License & Download Center".  Additionally, the PCS admin can download the installers from the Admin Installers page and distribute to Linux users.

Known Issues / Limitations:

Resolved Issues:

Installing the Pulse client:

Download the package installer to the Linux client then run the installer using the following command:

For Debian-based Linux installation (such as Ubuntu):  

dpkg -i <package name>

For RPM-based Linux installation (such as CentOS):

rpm -ivh <package name>

For example, if the Pulse Linux client is saved in /$HOME/downloads on Ubuntu, then the command would be:

dpkg -i /$HOME/downloads/

The script will prompt the user to install any missing dependent packages if they are not already installed.  
For example:  
Please execute below commands to install missing dependent packages:

apt-get install libc6-i386
apt-get install lib32z1

By default the Pulse client installs to /usr/local/pulse and contains the following files:


Launching the Pulse client 

Use the following command to launch the VPN client:

For 8.1R7:
/usr/local/pulse/ -h <PCS appliance IP/hostname> -u <vpn username> -p <vpn password 
-U <PCS SIGNINURL> -r <Realm> -f <path to PCS certificate file>

Example: /usr/local/pulse/ -h -u user01 -p password01 
-U -r Realm -f

For 8.1R8 and above:
/usr/local/pulse/ -h <PCS appliance IP/hostname> -u <vpn username> -p <vpn password 
-U <PCS SIGNINURL> -r <Realm>

Example:/usr/local/pulse/ -h -u user01 -p password01 
-U -r "Realm Name"

The -f option is deprecated in 8.1R8+. The Certificate Authority (CA) certificate store is used to verify that the 
PCS certificate is signed by a valid CA.
In RHEL/CentOS/Fedora, "/etc/pki/tls/certs/ca-bundle.crt" is used as CA certificate store.
In Ubuntu, "/etc/ssl/certs/ca-certificates.crt" is used as CA certificate store.

Additional Notes:
  • If -r <Realm_Name> is not stated, by default, it will attempt to connect to the "Users" realm. If the realm name has a white space, refer to KB40158.
  • In the event that a user does not want the password to be revealed in the terminal history, the argument <vpn password> can be omitted and the user will instead be prompted for the password at run time.
  • After the VPN tunnel is creates successfully, the terminal window will remain blank and must remain open.  If the terminal window is closed, this will close the VPN connection.

Launching Pulse with Client-side Proxy

If client-side proxy is required to connect to the Pulse VPN server, use the following command to launch Pulse:
/usr/local/pulse/ -h <PCS appliance IP/hostname> -u <vpn username> -p <vpn password> 
-U <PCS SIGNINURL> -r <Realm> -y <proxy IP/hostname> -z <proxy port> 
-s <proxy username> -a <proxy password>

Example: Example:/usr/local/pulse/ -h -u user01 -p password01 
-U -r Realm -y -z 9000 -s user01 -I
NOTE: In case the user doesn't want to reveal the proxy password in the command line arguments, the 
-I (case-sensitive) parameter can be used instead of the proxy password parameter. Then a prompt will be 
given to take the proxy password.

Displaying the Available Arguments

Use the following command to display the available arguments for the Pulse client:     
/usr/local/pulse/ -H

Checking the Status of the VPN Connection

Use the following command to check the status of the Pulse VPN connection:
/usr/local/pulse/ -S

Note:This command could take up to 30 seconds to reflect the current state of the Pulse client. 

Terminating Pulse:

Terminate the Pulse VPN connection with the following command:  
/usr/local/pulse/ -K

Upgrading the Pulse client:

rpm -Uvh /path_to_package
dpkg -I /path_to_package

Uninstalling the Pulse client:

rpm -e <pkgname>
dpkg -r <pkgname>


If problems persist with the Pulse Linux client, please open a support case at with the following logs:

Client-side Logs:
  • ~/.juniper_networks/network_connect/ncsvc.log (for 8.1R7 and earlier)
  • ~/.pulse_secure/pulse/pulsesvc.log (8.1R8 and later)
Server-side Logs:
  • System > Log/Monitoring > Select Event > Save all logs
Related Links
Attachment 1 
Created ByNick Christen



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255