Client firewalls, Anti-Malware, Anti-Spyware and Anti-Virus can prevent the installation and upgrade of Pulse components. The following guidelines should be followed to allow access to these processes.
(Note: The following list is based on 9.1 releases and only includes rebranded Pulse Secure executables. For 9.1 releases and older, go to the Client side changes Guide for Pulse Connect Secure, select the appropriate version. (See KB9085 for more information.)
- Check GPO policies for managed endpoints to verify that Pulse Secure components are permitted. (See list below).
- Ensure the following ports are open for Ivanti Secure access client/Pulse to install/launch.
- TCP port 443
- UDP port 4500 for ESP mode with VPN tunneling
- If firewall filters are based on Application Name, use the following table to determine the process to permit.
Pulse Desktop Client
If software restrictions on the client PC are applied to folder directories, the following file paths should be allowed:
%PROGRAMFILES(X86)%\Common Files\Pulse Secure (64-bit system)
%PROGRAMFILES%\Common Files\Pulse Secure (32-bit system)
- It may be necessary to stop the service that is associated with a Firewall, AV or Anti-Malware service so that a user can test installing the Pulse Secure application without any restrictions. If the user is able to install Pulse Secure components with one of these services stops then this can narrow down the program applying the restriction. Refer to third party vendor documentation for instructions on doing this.
- Try to install new client using Administrator account or install with administrator privilege to avoid rolling-back issues.