Pulse Secure Browser is a browser with a built-in Layer 4 VPN that provides secure access to intranet resources. This solution provides Layer 4 VPN functionality without the need for an MDM solution. Pulse Secure browser is designed to work as a standalone browser and does not require installation of the Pulse Mobile for iOS client.
Alternatively, Layer 4 Per-App VPN can be achieved with Pulse Mobile for iOS with Pulse Workspace (PWS) or another MDM vendor. For more instructions, please refer to
KB40328 - How to configure Per-App VPN for Pulse Mobile for iOS with Pulse Workspace and Pulse Connect Secure (PCS) device
Configuration steps on Pulse Connect Secure (PCS):
- Login to the PCS admin console.
- Navigate to User Realms > New User Realm, provide a realm name and select the corresponding authentication servers.
- Click Save Changes.

- Navigate to User Realms > (Realm Name) > Role Mapping
- Click New Rule to create the Role Mapping rule. In the following example, any user will be mapped to the Users role.
- Click Save Changes.
- Navigate to User Roles > (Role Name) > General
- Under the following role, click the checkbox for Secure Application Manager.
- Select the radio button for Windows version.
- Navigate to Resource Policies > SAM > Access Control
- Click New Policy
- In the Name field, enter a friendly name
- In the Resources field, enter the IP Address(es) to allow through the L4 tunnel
- Under Roles, select Policy applied to SELECTED roles. Under Available Roles, select the corresponding role to assign and click Add
- Under Action, select radio button for Allow socket access
- Click Save Changes

- Navigate to Resource Profiles > Web
- Create a New Resource Profile to attach to the role
- Enter a friendly name for the Resource Profile
- Enter the Base URL of the resource

- Under the Roles Tab, verify which roles to assign to the Resource Profile
- Click Save Changes