Prerequisites:
- Pulse Connect Secure (PCS) device must be running 8.2R3 or higher.
- Pulse Mobile iOS client must be running 6.1.0 or higher.
- Layer 4 (L4) Per-App VPN must be configured via MDM. (L3 Per-App VPN is not supported due to an Apple API limitation.)
Steps to configure L4 Per-App VPN using split tunneling FQDN:
In PCS 8.2R3 and above, the PCS administrator can add FQDN-based hosts to the allowed server list under the user role used for Per-App VPN by following these steps:
- Log in to the admin console.
- Navigate to Users > (ROLE_NAME) > SAM.
- In the WSAM Allowed Servers section, click Add Server.
- In the Allowed Servers (and Ports) field, enter the FQDN or host name to be tunneled via Per-App VPN.
Note: The example below shows both an IP based allowed server and an FQDN based allowed server.*
- Click Save Changes.
*Important Note: For Pulse Mobile iOS 6.1.0 and up connecting to PCS devices running versions prior to 8.2R3, it is still necessary to use IP-based SAM allowed servers, because FQDN split tunneling will not be recognized and can cause Per-App VPN access to fail. In versions prior to 8.2R3, the PCS device evaluates the resource using the previous behavior, where split tunneling configuration is only allowed by IP address defined in the allowed servers list.
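The version rule in the note above can be checked before a role is changed. The following Python sketch is an added example, not Pulse Secure code: it flags allowed-server entries that would not be recognized on a given PCS and client version. The `host` / `host:port` entry form (IPv4 only), the sample entries and all function names are assumptions made for this example.

```python
import ipaddress
import re

# Minimum versions taken from the prerequisites on this page.
FQDN_MIN_PCS = (8, 2, 3)     # PCS 8.2R3
FQDN_MIN_CLIENT = (6, 1, 0)  # Pulse Mobile iOS 6.1.0


def parse_pcs(version):
    """Turn '8.2R3' (or a point release such as '8.2R3.1') into a tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)R(\d+)((?:\.\d+)*)", version.strip(), re.I)
    if not m:
        raise ValueError(f"unrecognised PCS version: {version!r}")
    extra = tuple(int(x) for x in m.group(4).split(".") if x)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))) + extra


def parse_client(version):
    """Turn a dotted client version such as '6.1.0' into a tuple."""
    return tuple(int(x) for x in version.strip().split("."))


def entry_kind(entry):
    """Classify an entry as 'ip' or 'fqdn'.

    Assumed entry form for this example: 'host' or 'host:port', IPv4 only.
    """
    entry = entry.strip()
    host = entry.rsplit(":", 1)[0] if ":" in entry else entry
    try:
        ipaddress.ip_network(host, strict=False)  # accepts address or CIDR
        return "ip"
    except ValueError:
        return "fqdn"


def unsupported_entries(pcs_version, client_version, entries):
    """Return the FQDN entries that this PCS/client pair will not recognize."""
    fqdn_ok = (parse_pcs(pcs_version) >= FQDN_MIN_PCS
               and parse_client(client_version) >= FQDN_MIN_CLIENT)
    if fqdn_ok:
        return []
    return [e for e in entries if entry_kind(e) == "fqdn"]


if __name__ == "__main__":
    # Constructed sample list: one IP-based and one FQDN-based entry.
    sample = ["10.1.1.1:443", "intranet.example.com:443"]
    for pcs in ("8.1R10", "8.2R3"):
        print(pcs, unsupported_entries(pcs, "6.1.0", sample))
```

Any entry it returns needs an IP-based equivalent in the allowed servers list until the PCS device or client is upgraded.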
Additional Notes:
With the initial release of the FQDN split tunneling feature in PCS 8.2R3 and up and Pulse Mobile for iOS 6.1.0 and up, the PCS device only supports whitelists, which are defined as "Allow Access" server lists for Layer 4 (L4) Per-App VPN configuration. As of October 2016, blacklist (Deny Access) scenarios are not supported, but are planned for a future release.