Juniper Pulse Secure - Full Tunnel

We have a number of users that use Pulse Secure VPN client to connect to a 3rd party, which is configured in Full Tunnel mode. Everything works in Tunnel 1.0 configuration but we are making a move to Tunnel 2.0 where it fails to function. The connection is not established fully and both Pulse Secure and ZCC go into Connecting and Connected state.

Working Scenario (current)

  • Tunnel Driver Type: Packet Filter Based
  • On Trusted Network: Tunnel, Tunnel 1.0
  • System Proxy: Never
  • VPN Trusted Network: Same as On Trusted Network
  • Off Trusted Network: Same as On Trusted Network

Non-Working Scenario (goal)

  • Tunnel Driver Type: Packet Filter Based
  • On Trusted Network: Tunnel, Tunnel 1.0
  • System Proxy: Never
  • VPN Trusted Network: Same as On Trusted Network
  • Off Trusted Network: Tunnel 2.0
  • Transport Settings: TLS
  • System Proxy: FWD PAC

The VPN destination is in the App PAC, Fwd PAC, VPN Gateway Bypass and still fails. Tried the following without success:

  • added the DNS domain of the 3rd party to the DNS search suffix so it drops down to Tunnel 1.0 - fails
  • added the DNS domain of the 3rd party to the DNS search suffix so it’s detected as VPN Trusted Network and set to None (disabled) - fails
  • tried Tunnel with Local Proxy for VPN Trusted Network - fails
  • tried DTLS transport - fails

It appears when switching from Z-Tunnel 2.0 to 1.0 or to disable ZIA completely, it fails and only likes when it remains on Z-Tunnel 1.0 throughout the connection.

Looking for suggestions?

The solution was upgrading to a newer version of Pulse Secure client which is supported via Z-Tunnel 2.0.