Reset Search



KB43679 - Best practices and known third-party issues with Pulse Desktop client with lock down mode feature

« Go Back


Last Modified Date12/20/2018 4:24 PM
This article provides information about best practices and known third-party issues with Pulse Desktop Client with lock down mode feature.
Problem or Goal
Updated: December 20, 2018

Lock down mode was designed to block all network connectivity (except for a few core features) when the end user is not connected to the Pulse Connect Secure device.  For more information about the behavior, please refer to KB40363 - Behavior of "Lock Down this connection" (also known as Lock Down Mode).


As of December 2018, Pulse Secure does recommend the following software releases and deployment guidelines with lock down mode:
  1. Deploy Pulse Connect Secure and Pulse Desktop Client (PDC) 9.0R3 (lock down exceptions rules were added with PDC 9.0R2 for both macOS and Windows)
  2. Pulse Desktop Client should be deployed with one connection.  If multiple connections are needed with VPN Only Access, please refer to KB43981 - VPN Only Access with resolvable address (location awareness rule) with more than one connection will cause the lock down firewall to start after the VPN tunnel is created with Pulse Desktop Client 9.0R1 / 5.3R6 and below
  3. Third-party applications that require network connectivity prior to the VPN tunnel being established, Pulse Secure recommends to add the network range or application to the exception list. 

For more information, please refer to KB43665 - Lockdown mode exception rules feature.

Below is an on-going list of known third-party applications that may have issues when lock down mode is enabled.  Please continue to monitor this article as we will continue to add to this list as new issue are discovered.
VendorDescription of IssueResolution
Ivanti / LumensionAfter enabling lockdown mode with Pulse Secure Desktop client with Ivanti Device and Application control client installed, Windows endpoint experience slow performance (i.e. slow application load times and lagged response from mouse cursor)Add to lock down exception list
Printer Spooler (Windows)KB43848 - When lock down mode is enabled, Printer Spooler service cannot start with the error message " Windows could not start the Printer Spooler service on Local Computer. Error 0x800706b9: Not enough resources are available to complete this operationAdd to lock down exception list
Any third-party server running on loopback Address (macOS)KB43948 - Unable to reach any resources bound to the local loopback address when lock down mode is enabled with Pulse Secure Desktop client for macOSResolved in Pulse Desktop Client 9.0R3
Related Links
Attachment 1 
Created ByK. Kitajima



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255