|Last Modified Date||5/3/2021 1:37 PM|
|Problem or Goal|
Frequently Asked Questions (FAQ):Question 1: How do I run the Integrity Tool on Pulse Connect Secure appliances?
Answer: Please follow the following steps to deploy the patch on the Pulse Connect Secure appliance:
Question 2: Will the device reboot after running the Integrity Tool?
Answer: Yes, once you run the Integrity Tool, your device it will automatically get rebooted.
Question 3: After running the Integrity Tool, how we can verify the results?
Answer: Once you run the Integrity Tool, the following upgrade page appears post running the tool.
Question 4: Admin Generated Snapshot generated post-reboot, however, my appliance was showing 0 Mis-matched files or Newly Detected files?
Answer: Yes, this is expected behavior. Post reboot, PCS generates the Admin Generated Snapshot.
Question 5: We are using A/A or A/P Cluster, do we need to run Integrity Tool individually on each node?
Answer: Yes, we need to run the Integrity Tool individually on each node in the cluster scenario.
Question 6: We are using A/A or A/P Cluster, do we break the cluster to run this tool?
Answer: No, there is no need to break the cluster to run Integrity Tool on the appliance.
Question 7: Do this tool repair any file during the reboot?
Answer: No, this tool does not repair any file during the reboot of the appliance.
Question 8: While running the Integrity Tool, the following logs "System software upgrade failed. Installation timed out." are generated under admin logs?
Answer: This is expected behavior as this tool is only to verify the integrity of the appliance. An administrator could ignore this error message.
Question 9: What is the MD5 and SHA Hash value of the PCS Integrity Tool?
Answer: You can download the Integrity Tool from the Download Center at https://my.pulsesecure.net.
Please find the MD5 and SHA1 Hash values:
MD5 : 1bcd0dc9e3f34f1e1951629b0f31fe1d
SHA1 : c3755175b2f5083378b442bf2844b12f4eb0c5d3
Question 10: While running the Integrity Tool, the tool failed on the 3rd step "Step 3: Integrity checker is not supported for this PCS version. ... complete (0 seconds)"?
Answer: This is expected behavior as this tool is only to verify above mentioned Production PCS version / Build Numbers.
Question 11: Can this tool be available for further releases?
Answer: Engineering Team is working on this tool for further improvements and planning to build an incremental tool for each release.
Question 12: Do any of the client components upgraded with this Integrity Tool?
Answer: No, this tool does not upgrade the PCS version or any client component on the PCS appliance.
Question 13: While running the Integrity Tool, we are seeing mismatched files or newly detected files.
Answer: Please download the Admin Generated Snapshot post-reboot and created a Support Ticket for further investigation.
For more information visit KB44764 (Customer FAQ).
Question 14: How can I download the Admin Generated Snapshot from the PCS appliance.
Answer: To download the Admin Generated Snapshot, please follow the below steps:
WHAT CAN AN ADMIN DO FOR ADDITIONAL INDICATORS:
Enabling Unauthenticated Request option
By default, these requests are not logged under the VPN appliance until we have the Unauthenticated Request option enabled (Under Log/Monitoring > User Access > Setting) which is off by default.
If this option is enabled, then the administrator can check the logs in the User Access logs.
Please refer following KB for more details: KB29805 - Pulse Connect Secure: Security configuration best practices
March 31, 2021 - Initial public release.
April 15, 2021 - New version of the ICT (Integrity Checker Tool) available for dot releases and older releases.
April 18, 2021 - New version of the ICT (Integrity Checker Tool) available for older releases.
|Created By||Sahil Mahajan|