Jerry_Bruce
Sep 24, 2019

Pulse Secure - ESP switching to SSL after timeout

Does anyone have experience with setting up an Active/Active pair of Pulse Secure PSAs behind the F5 using LTM? We have a VS set up with access to the backend appliances. The Pulse client connects successfully using SSL initially, switches to ESP, then falls back to SSL after reaching the timeout of 15 seconds, which is the default on the PSA. We have a persistent profile configured for the VS that is configured for UDP:4500. There is no firewall that is blocking UDP:4500.

Any suggestions?

  • We were able to solve this. We determined that UDP:4500 was being blocked from the F5 to the external interfaces on the cluster. Once the traffic was being allowed, the sessions would still not maintain an ESP connection until we disabled the SPI lookup (K14169):

    modify sys db ipsec.lookupspi value disable