Pulse Connect Secure SSL VPN 2FA

This guide shows how to enable multi-factor authentication (2FA / MFA) for users logging in to Pulse Connect Secure SSL VPN using the Protectimus two-factor authentication solution.

Protectimus’s two-factor authentication system integrates with Pulse Connect Secure SSL VPN via the RADIUS authentication protocol.

In this scenario, the Protectimus Cloud 2FA Service or On-Premise 2FA Platform acts as the RADIUS server, and the Pulse Connect Secure SSL VPN takes the role of the RADIUS client.

The scheme below shows how the Protectimus solution for Pulse Connect Secure SSL VPN two-factor authentication works.

2FA/MFA for Pulse Connect Secure SSL VPN via RADIUS

1. How 2FA for Pulse Connect Secure SSL VPN Works

Two-factor authentication (2FA / MFA) protects Pulse Connect Secure SSL VPN user accounts from phishing, brute force, keyloggers, man-in-the-middle attacks, data spoofing, social engineering, and similar attacks.

When you enable 2FA/MFA for Pulse Connect Secure SSL VPN, Pulse Secure VPN users will use two different authentication factors to get access to their accounts.
  1. The first factor is username and password (something they know);
  2. The second factor is a one-time password generated with the help of a hardware OTP token or a 2FA app (something they own).

To compromise a Pulse Connect Secure SSL VPN user account protected with two-factor authentication, an attacker needs both passwords at once. Moreover, the attacker has only 30 seconds to crack and use a time-based one-time password. Meeting both conditions is almost impossible, which is what makes two-factor authentication so effective.

2. How to Enable 2FA for Pulse Connect Secure SSL VPN

You can set up two-factor authentication (2FA) for Pulse Connect Secure SSL VPN with Protectimus using the RADIUS protocol:
  1. Register with the Protectimus SaaS Service or install the On-Premise 2FA Platform and configure basic settings.
  2. Install and configure Protectimus RADIUS Server.
  3. Configure Pulse Connect Secure SSL VPN authentication policies.

2.1. Get Registered and Configure Basic Protectimus Settings

  1. Register with the Protectimus Cloud Service and activate API or install the Protectimus On-Premise Platform (if you install Protectimus Platform on Windows, check the RProxy box during the installation).
  2. Add Resource.
  3. Add Users.
  4. Add Tokens or activate Users’ Self Service Portal.
  5. Assign Tokens to Users.
  6. Assign Tokens with Users to the Resource.

2.2. Install and Configure Protectimus RADIUS Server

Detailed instructions for installing and configuring the Protectimus RADIUS Server for Pulse Connect Secure SSL VPN 2-factor authentication using RADIUS are available here.

2.3. Add Protectimus as RADIUS Server for Pulse Connect Secure SSL VPN

  1. Log into the Pulse Secure administration panel.
  2. Navigate to Authentication -> Auth. Servers.
  3. Select RADIUS Server in the dropdown, and click New Server….
  4. Fill in the required fields in the Settings tab. Refer to the following table.

     | Field | Value |
     |---|---|
     | Name | Come up with a name for your RADIUS server, e.g. Protectimus Server. |
     | RADIUS Server | Enter the IP address of the server where the Protectimus RADIUS Server component is installed. |
     | Authentication Port | Indicate 1812 (or whichever port you configured in the Protectimus radius.yml file when configuring Protectimus RADIUS Server). |
     | Shared Secret | Indicate the shared secret you created in the Protectimus radius.yml file (radius.secret property) when configuring Protectimus RADIUS Server. |
     | Timeout | Set to 180 seconds. |
     | Retries | Set to 3. |

  5. Keep the default values of all other fields and click Save Changes.
  6. Navigate to Users -> User Realms -> New User Realm….
  7. Come up with a Name for your new realm, e.g. Protectimus Server.
  8. Select the previously created authentication server (Protectimus Server) in the Authentication dropdown.
  9. Click Save Changes.
  10. Navigate to Authentication Policy -> Password.
  11. Select Allow all users (passwords of any length) and click Save Changes.
  12. Go to the Role Mapping tab and click New Rule….
  13. Come up with a name for the new rule, e.g. Protectimus Rule.
  14. Set Rule: If username… to is *.
  15. Assign a Users role. Select Users on the Available Roles list and click Add ->.
  16. Click Save Changes.
  17. Navigate to Authentication -> Signing In -> Sign-in Policies.
  18. Click the */ URL in the User URLs table.
  19. Select User picks from a list of authentication realms and select the Protectimus Server realm you created earlier. To do this, select Protectimus Server on the Available realms list and click Add ->.
  20. Click Save Changes.
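The Shared Secret configured above is what lets the RADIUS client (Pulse Connect Secure) and the RADIUS server (Protectimus) trust each other's packets. The following added example is not Protectimus or Pulse Secure code; it goes beyond the steps on this page to the protocol level (RFC 2865) and shows how the shared secret hides the User-Password attribute and authenticates the server's reply, which is why a value that differs from radius.secret makes every login fail. The secret, username and password are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2      # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2           # RFC 2865 attribute types

def _xor_blocks(data, secret, request_auth, hiding):
    # RFC 2865 5.2: each 16-byte block is XORed with MD5(secret + previous hidden block);
    # the first block uses the Request Authenticator in place of a previous block.
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        res = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        out, prev = out + res, (res if hiding else block)
    return out

def hide_password(password, secret, request_auth):
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    return _xor_blocks(padded, secret, request_auth, hiding=True)

def unhide_password(hidden, secret, request_auth):   # what the RADIUS server does
    return _xor_blocks(hidden, secret, request_auth, hiding=False).rstrip(b"\x00")

def build_access_request(ident, user, password, secret, request_auth=None):
    request_auth = request_auth or os.urandom(16)
    fields = [(USER_NAME, user), (USER_PASSWORD, hide_password(password, secret, request_auth))]
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in fields)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def build_reply(code, ident, request_auth, secret, attrs=b""):
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def reply_is_authentic(reply, request_auth, secret):
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    secret, ra = b"constructed-shared-secret", bytes(range(16))   # constructed sample values
    req = build_access_request(1, b"alice", b"constructed-password", secret, ra)
    reply = build_reply(ACCESS_ACCEPT, 1, ra, secret)
    print(reply_is_authentic(reply, ra, secret), reply_is_authentic(reply, ra, b"mismatched"))
```

Because the password hiding and the reply check both rest on MD5 keyed only with the shared secret, the secret should be long and random, and the RADIUS traffic between the two hosts kept on a trusted network segment.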

Integration of multi-factor authentication for Pulse Connect Secure SSL VPN is now complete. If you have other questions, contact Protectimus customer support service.
Last updated on 2023-01-06