Pulse Access Control Service Supported Platforms Guide How-to Guide Build Published Date Revision 5.0R1 (Build 23387) July 2015 03
Contents Introduction 3 Administrator Web User Interface 3 Pulse Secure Client Software 4 Third-Party 802.1x Supplicants 5 Agentless Access (Browsers) 6 Agentless Access (Java-Based) 8 Platform Support for AAA 8 MDM Solutions 9 802.1x Authenticators in Layer 2 Network Access Control Deployments 10 Endpoint Security Assessment Plug-in (ESAP) Compatibility 10 Infranet Enforcers in Layer 3 Resource Policy Deployments 10 IDP Devices in Coordinated Threat Control Deployments 11 Network and Security Manager Compatibility 11 IF-MAP Compatibility 12 Revision History 12 2
Introduction This document describes the client environments and IT infrastructure that are compatible with this release. In this document, we identify compatibility testing for this release with the following terminology: Qualified Indicates that the item was systematically tested by QA for this release. Compatible Indicates that the item was not tested for this release, but based on knowledge or testing done for previous releases, we support it. Pulse Secure supports all items listed as qualified or compatible. Administrator Web User Interface Table 1: on page 3 lists supported platforms for the administrator user interface. Table 1: Admin User Interface Operating System Browsers/Java Qualified Compatible Windows Windows 8 Enterprise, 64-bit Windows 7 Enterprise, 64-bit Internet Explorer 10 Internet Explorer 9.0 Firefox 24 ESR Windows 8.1 Professional / Enterprise Windows 8 basic edition / Professional, 32-bit or 64-bit Windows 7 Ultimate / Professional / Home Basic / Home Premium, 32-bit or 64-bit Windows 7 SP1 Enterprise, 32-bit Windows Vista Enterprise / Ultimate / Business / Home- Basic / Home-Premium, 32-bit or 64-bit Windows P with SP3, 32-bit Internet Explorer 11 Internet Explorer 9.0 Internet Explorer 8.0 Internet Explorer 7.0 Firefox 3.0 and later Oracle JRE 6 and later Mac Mac OS 10.9, 64-bit Safari 7.0, Oracle JRE 7 Mac OS 10.8, 64-bit Safari 6.0 Mac OS 10.8, 32-bit Mac OS 10.7.4, 64-bit Mac OS 10.7.3, 32-bit Mac OS 10.6.8, 32-bit and 64-bit Safari 5.2, Oracle JRE 7 Safari 5.1, Oracle JRE 7 Safari 5.0, Oracle JRE 6 3
Pulse Secure Client Software Table 2: page 4 lists platform requirements for the Pulse client. Table 2: Pulse Client Operating System Browsers/Java Qualified Compatible Windows Windows 8.1 Enterprise, 64-bit Windows 8 Enterprise, 64-bit Windows 7 SP1 Enterprise, 64-bit Internet Exporer 11 Internet Explorer 10 Internet Explorer 9.0 Firefox 24 ESR Windows 8.1 Enterprise, 32-bit Windows 8 basic edition / Professional, 32-bit Windows 7 Ultimate / Professional / Home Basic / Home Premium, 32-bit or 64-bit Windows 7 SP1 Enterprise, 32-bit Windows Vista Enterprise / Ultimate / Business / Home- Basic / Home-Premium, 32-bit or 64-bit Windows P with SP3, 32-bit Internet Explorer 9.0 Internet Explorer 8.0 Internet Explorer 7.0 Firefox 3.0 and later Oracle JRE 6 and later Mac * Mac OS 10.9, 64-bit Mac OS 10.8, 64-bit Safari 7.0 Safari 6.0 Mac OS 10.8, 32-bit Mac OS 10.6.8, 32-bit or 64-bit Mac OS 10.7.3, 32-bit Safari 5.2 Oracle JRE 6 Safari 5.1 Oracle JRE 6 Safari 5.0 Oracle JRE 6 *The Pulse client on Mac does not support 802.1x. Odyssey Access Client (OAC) 5.6Rx and 5.5Rx are compatible with this release. Table 3: on page 4 lists platform requirements for OAC. Table 3: OAC Operating System Browsers/Java Qualified Compatible Windows Windows 7 SP1 Enterprise, 64-bit Internet Explorer 9.0 Firefox 24 ESR 4
Operating System Browsers/Java Qualified Compatible Windows 7 Ultimate / Professional / Home Basic / Home Premium, 32-bit or 64-bit Windows 7 SP1 Enterprise, 32-bit Windows Vista Enterprise / Ultimate / Business / Home- Basic / Home-Premium, 32-bit or 64-bit Windows P with SP3, 32-bit Internet Explorer 7.0 Firefox 3.0 and later Oracle JRE 6 and later Third-Party 802.1x Supplicants Table 4: on page 5 lists platform requirements for third-party 802.1x supplicants. Table 4: Third-Party 802.1x Supplicants Platform Environment Qualified Compatible Windows Windows Windows 8.1 Enterprise, 64-bit Windows 8 Enterprise, 64-bit Windows 7 SP1 Enterprise, 64-bit Windows Windows 8 basic edition / Professional, 32-bit or 64-bit Windows 7 Ultimate / Professional / Home Basic / Home Premium, 32-bit or 64-bit Windows 7 SP1 Enterprise, 32-bit Windows Vista Ultimate / Business / Home-Basic / Home- Premium with SP 2, 32-bit or 64-bit Windows P Home with SP3, 32-bit Mac Mac Mac OS 10.9, 64-bit Mac OS 10.8, 64-bit Mac Mac OS 10.8, 32-bit Mac OS 10.7.3, 64-bit Mac OS 10.7.3, 32-bit Mac OS 10.6.8, 32-bit, and 64-bit Google Android Google Android Android 4.3, 4.2, 4.1 Google Android Android 2.2 and later ios Apple ios ios 7.0, ios 6.x Apple ios ios 4.0 and later 5
Agentless Access (Browsers) Table 5: on page 6 lists desktop platform requirements for the agentless access using browsers. Table 5: Agentless Access (Browsers) Operating System Browsers/Java Qualified Compatible Windows Windows 8 Enterprise, 64-bit Windows 7 SP1 Enterprise, 64-bit Internet Explorer 10 Internet Explorer 9.0 Firefox 24 ESR Windows 8 basic edition / Professional, 32-bit or 64-bit Windows 7 Ultimate / Professional / Home Basic / Home Premium, 32-bit, or 64-bit platforms Windows 7 SP1 Enterprise, 32-bit or 64-bit Windows Vista Ultimate / Business / Home-Basic / Home- Premium with SP 2, 32-bit, or 64-bit platforms Windows P Home with SP3, 32-bit Internet Explorer 9.0 Internet Explorer 8.0 Internet Explorer 7.0 Firefox 3.0 and later Oracle JRE 6 and later Mac Mac OS 10.9, 64-bit Mac OS 10.8, 64-bit Safari 7.0 Safari 6.0 Mac OS 10.8, 32-bit Mac OS 10.7.3, 32-bit Mac OS 10.6.8, 32-bit or 64-bit Safari 5.2 Sun JRE 6 Safari 5.1 Sun JRE 6 Safari 5.0 Sun JRE 6 Linux Ubuntu 12.04 LTS opensuse 12.1 Firefox 24 ESR opensuse 10.x and 11.x Ubuntu 9.10, 10.x, and 11.x Red Hat Enterprise Linux 5 Firefox 3.0 and later Oracle JRE 6 and later Solaris Solaris 10, 32-bit Firefox 24 ESR Solaris 10, 32-bit Mozilla 2.0 and later 6
Table 6:on page 7 lists requirements for the smart mobile devices that can gain agentless access to the network using the Web browsers indicated. Table 6: Smart Mobile Devices for Layer 3 Access Device/Operating System Browsers/Java Qualified Compatible Apple ios ios 7 ios 6.1 ios 5.0 Safari browser ipad or iphone with ios 4.0 and later Safari browser Google Android Android 4.3 Android 4.2 Android 4.1 Android native browser Android smart phoneswith Android 2.2 and later Android native browser RIM Blackberry Blackberry OS 10 Blackberry native browser Blackberry smart phones with Blackberry OS 6 and later Blackberry native browser Windows Mobile Windows Mobile 8 Internet Explorer Windows Mobile smart phones with Windows Mobile 6.5 Internet Explorer Symbian Symbian Devices with Symbian OS version 9.3: S60 3rd Edition Feature Pack 2 and later Symbian Native Browser Symbian Devices with Symbian OS version 9.3: S60 3rd Edition Feature Pack 2 and later Symbian Native Browser 7
Agentless Access (Java-Based) Table 7: on page 8 lists platform requirements for the agentless access that is Java-based. Table 7: Agentless Access (Java-Based) Operating System Browsers/Java Qualified Compatible Linux opensuse 11.4, 32-bit Ubuntu 10.04 LTS, 32-bit Firefox 24 ESR opensuse 11.x and 10.x Ubuntu 11.x, 10.x, and 9.10 Red Hat Enterprise Linux 5 Firefox 3.0 and later Oracle JRE 6 and later Platform Support for AAA Table 8: on page 9 lists platform requirements for third-party AAA servers that are compatible with this release. Table 8: Third-Party AAA Servers Third-Party AAA Server Browsers/Java Compatible Active Directory * Windows 2012 Windows 2008 R2 Windows 2003 LDAP using Active Directory Windows 2012 Windows 2008 R2 Windows 2003 LDAP using Novell edirectory Novell Client for Windows 2000 / P Version 4.91 SP2 LDAP using Sun ONE iplanet Server Sun ONE Directory Server 5.2 LDAP with Pulse Secure Endpoint Profiler Beacon 4.1.0-20 LDAP (other standards-compliant servers) OpenLDAP 2.3.27 Authentication and authorization based on user attributes or group membership. RADIUS Steel-Belted Radius (SBR) 6.1 RSA Authentication Manager 6.1 Defender 5.2 Windows IAS 2008 8
Table 8: Third-Party AAA Servers (continued) Third-Party AAA Server Browsers/Java Compatible RADIUS (other standards-compliant servers) ACE RSA Authentication Manager 7.1 SP4 RSA Authentication Manager 6.1 RSA Authentication Manager 5.2 Siteminder CA Siteminder 12.0 SP3 CA Siteminder 6.0 SP4 CA Siteminder 5.5 Certificate Windows Server 2008 R2 Certificate Services RSA Keon Certificate Manager 6.5.1 Certificate (other standards-compliant servers) SQL Oracle 11g Express Edition * Additional requirements and limitations apply. See Active Directory. MDM Solutions Table 9: on page 9lists the requirements for integration with mobile device management (MDM) vendors. Table 9: MDM Vendors Solution Qualified Compatible AirWatch Cloud service 6.5.0.0 Appliance OS Virtual appliance OS MobileIron Cloud service VSP 5.8.0 Appliance OS Virtual appliance OS 9
802.1x Authenticators in Layer 2 Network Access Control Deployments Table 10: on page 10 lists the 802.1x authenticators that have been qualified with this release. 802.1x authenticators are Layer 2 Ethernet switches. In addition to the qualified platforms, other 802.1x standardscompliant Ethernet switches are compatible. Table 10: 802.1x Authenticators Dynamic Platforms Hardware Models Junos OS Release VLAN RFC 3580 Support Qualified Compatible E Series E 8200 E 6200 E 4500 E 4200 E 3300 E 3200 E 2200 Junos OS 12.3R3 Yes Yes SR Series SR 100 Junos OS 12.145-D10, 12.144-D20 No SR Series SR 3400 SR 1400 SR 650 SR 240 SR 220 SR 210 Junos OS 12.145-D10, 12.144-D20 Yes J Series J6350, J4350, J2350, J2320 JunosOS12.145- D10,12.144-D20 Yes 802.1x (other standards-compliant Ethernet switches) Endpoint Security Assessment Plug-in (ESAP) Compatibility ESAP package version 2.1.9 is the minimum version to be compatible with this release. The default version for ESAP is 2.4.4. Infranet Enforcers in Layer 3 Resource Policy Deployments Table 11: on page 11 lists Infranet Enforcers that have been qualified with this release. Infranet Enforcers are enforcement points in Layer 3 resource policy deployments. In addition to the qualified platforms, other Screen OS, SR Series, and E Series models are compatible, provided the firewall or switch model and software version supports integration with UAC. 10
Table 11: Infranet Enforcers Platform HardwareModels Software Versions * ScreenOS NS5400, NS5200 SSG550M, SSG520M, SSG350M, SSG320M SSG140, SSG20, SSG5 SSG20 (Wireless), SSG5 ISG2000 with IDP Security Module ISG2000 ISG1000 with IDP Security Module ISG1000 ScreenOS 6.3.0R15, 6.2.0R18 J Series Junos OS 10.4R16 SR Series SR 5800 SR 5600 SR 3600 SR 3400 SR 1400 SR 650 SR 240 SR 220 SR 210 SR 110 SR 100 Junos OS 12.145-D10,12.144-D20 E Series E 8200 E 6200 E 4500 E 4200 E 3300 E 3200 E 2500 Junos OS 12.3R3 IDP Devices in Coordinated Threat Control Deployments Table 12: on page 11 lists the IDP devices that are supported. Table 12: IDP Devices in Coordinated Threat Control Deployments HardwareModels HardwareModels IDP-8200 IDP-800 IDP-250 IDP-75 5.1R3 (Standalone) Network and Security Manager Compatibility This release has been qualified with NSM 2010.3s13 and NSM 2012.2R4. 11
IF-MAP Compatibility Table 13: on page 12 lists the IF-MAP clients that are supported. Table 13: IF-MAP clients IF-MAP Client Qualified Compatible Secure Access Service 8.0 Access Control Service 5.0 Third-party IF-MAP 1.x clients Revision History Table 14: on page 12 lists the revision history for this document. Table 14: Revision History Revisionc Description 01/December 2, 2013 Initial publication. 02/January 10, 2014 Updated to indicate support for Pulse Desktop Client onwindows 8.1. 03/January 31, 2014 Updated to indicate that OAC is not supported onwindows 8/8.1. 12