KB40940 - How to disable administrator access to the Pulse Connect Secure (PCS) device from external access

This article provides step-by-step instructions how to disable administrator access to the PCS device from external access.

To disable administrator access from external access, please perform the following steps:

1. Login to the admin console
2. Navigate to Administrators > Admin Realms > [Admin Realm Name] > Authentication Policy > Source IP
3. Under Administrator sign in ports, uncheck the box for Enable administrators to sign in on the External Port

If the PCS device is configured as a one-arm configuration (internal port only), please perform the following steps:

1. ​Login to the admin console
2. Navigate to Administrators > Admin Realms > [Admin Realm Name] > Authentication Policy > Source IP
3. Select the radio button for Allow or deny users from the following IP addresses
4. Under IPv4/IPv6 address and netmask field, enter the internal ip range to allow from the internal network
5. Select the radio button for Allow
6. Click Add
7. Under IPv4/IPv6 address and netmask field, enter *
8. Select the radio button for Deny
9. Click Add

To avoid denying all connections, ensure the allow rule is above the deny rule. Once completed, the admin access will be disabled when reaching the external port or the ip address range that does not match the allow rule. If access is blocked, end user will receive error message:

You do not have permission to login. Please contact your administrator.