How does this impact me?
This impacts you if you are deploying Pulse Secure or Check Point Capsule Connect VPN profiles for iOS that use certificate-based authentication. This impacts both Intune on Azure and hybrid mobile device management (MDM) tenants.
When users update to Pulse Secure 7.0.0 for iOS or Check Point Capsule Connect version 1.600 for iOS, the updated VPN client may not read the authentication certificate and will instead report that the certificate is not found on the device, even if the certificate already exists.
Also, if you are using the same authentication certificate for Pulse Secure as for other apps, those apps may lose access to the certificate when Pulse Secure is updated to version 7.0.0. This is not seen with Check Point. If the authentication certificate is shared between Pulse Secure and other apps, and those apps lose access to it, you will need to re-deploy the certificate. This involves removing the assignment (or deployment for hybrid MDM) and then re-assigning (re-deploying) the certificate to the same groups.
Pulse Secure is working with Apple to resolve these issues; in the meantime, you'll need to apply a workaround if you're using certificate-based authentication for Pulse Secure VPN for iOS.
There are two workarounds for the certificate not being read in Pulse Secure or Check Point Capsule Connect:
1. If you have iOS devices that have already upgraded to Pulse Secure 7.0.0 or Check Point Capsule Connect 1.600 and are experiencing this issue, you can force the VPN profile to be updated on the device by changing the Connection name value:
2. If you have iOS devices that are still on Pulse Secure 6.8.0 or earlier, you can prevent the issue by creating a new VPN profile with a Connect type value of Custom VPN and using net.pulsesecure.pulsesecure as the VPN identifier. Note that this option is only available for Intune on Azure. For Check Point Capsule Connect, use com.checkpoint.CheckPoint-VPN.app as the VPN identifier.
Let us know if you have any questions. We'll keep this post updated as we hear more about this from Pulse Secure and Check Point.
9/24/18: Updated to add similar issues with Check Point