Ivanti Connect Secure (VPN) is a robust SSL VPN solution that enables secure, seamless access to corporate applications and data for remote and mobile users from any web-enabled device, including laptops, smartphones, and tablets, anytime, anywhere. Previously known as Pulse Connect Secure, it is one of the most widely deployed SSL VPNs across industries, supporting organizations of all sizes. The solution provides a unified access gateway with features like layer 3 VPN, per-app VPN, single sign-on (SSO), and endpoint compliance checks, ensuring secure and compliant access to on-premises and cloud-based resources. It integrates with identity providers, mobile device management (MDM), and security tools, offering advanced authentication (e.g., biometric, SAML 2.0) and granular access controls. Ivanti Connect Secure supports Zero Trust principles through its Universal Access License (UAL), allowing simultaneous deployment of VPN and Zero Trust Network Access (ZTNA) gateways.
- Architecture:
- Components:
- Ivanti Connect Secure Appliance: Physical or virtual appliance (on-premises or cloud) serving as the VPN gateway.
- Ivanti Secure Access Client: Client software for Windows, macOS, iOS, Android; supports agentless access via browser.
- Management Console: Web-based interface for policy configuration, monitoring, and reporting.
- Ivanti Neurons Integration: Optional cloud-based analytics and automation.
- Deployment Options:
- On-Premises: Physical appliances (PSA series) or virtual appliances (vADC).
- Cloud: AWS, Azure, Google Cloud via BYOL (Bring Your Own License).
- Hybrid: Combines on-premises appliances with cloud-based management.
- Scalability: Supports thousands of concurrent users; high-availability clustering for redundancy.
- Operation Mode: Client-based (Secure Access Client) or agentless (browser-based); supports always-on, on-demand, or per-app VPN.
- Components:
- Supported Platforms:
- Clients: Windows 10/11, macOS 11–14, iOS 11+, Android 8+, Linux (limited features).
- Browsers: Chrome, Edge, Firefox, Safari for agentless access.
- VDI: Citrix Virtual Apps and Desktops, VMware Horizon, Azure Virtual Desktop.
- Cloud: AWS, Azure, Google Cloud for resource access and deployment.
- Authentication:
- Methods: Biometric, TOTP, SAML 2.0, PKI, digital certificates, IAM (Azure AD, Okta).
- MFA: Duo, Cisco Secure, Google Authenticator, RSA SecurID.
- SSO: SAML 2.0, OAuth 2.0 for seamless access to cloud apps.
- Access Control:
- Endpoint Compliance: Host Checker verifies antivirus, encryption, and patch status before granting access.
- Conditional Access: Policies based on user role, device type, location, or compliance status.
- Traffic Enforcement: Ensures all traffic flows through the VPN tunnel (macOS-specific routing).
- VPN Features:
- Modes: Always-on, on-demand, per-app VPN (iOS, Android, macOS, Windows).
- Protocols: SSL/TLS, ESP for layer 3 tunneling.
- Split Tunneling: Configurable to route specific traffic through VPN or directly to the internet.
- Per-App VPN: Encrypts data for specific apps without SDKs or app wrapping.
- Security:
- Encryption: FIPS 140-2 certified cryptographic module for data-in-motion.
- Certificate-Based Auth: Passwordless access to prevent man-in-the-middle attacks.
- Lock-Down Mode: Blocks non-VPN traffic when enabled (Windows, macOS).
- Vulnerabilities: Recent CVEs (e.g., CVE-2025-0282, CVE-2025-22457) require patching to prevent remote code execution (RCE).
- Integrations:
- Identity: Azure AD, Okta, Ping Identity, Active Directory.
- MDM/EMM: Ivanti Neurons for UEM, MobileIron, Microsoft Intune.
- Security: Ivanti Policy Secure (NAC), Palo Alto Networks, Splunk, SIEM, NGFWs.
- ITSM: ServiceNow for ticketing and workflows.
- APIs: Limited REST APIs; no full API suite available.
- Visibility and Reporting:
- Dashboards: Real-time views of user sessions, device compliance, and access activity.
- Logs: Tracks user activity, connection status, and security events; exportable to SIEM.
- Integrity Checker Tool (ICT): Detects unauthorized changes to appliance files.
Related products
-
Endpoint Management, Software
Ivanti Endpoint Manager
Ivanti Endpoint Manager is a unified client management solution for discovering, managing, and securing Windows, macOS, and Linux endpoints, offering real-time visibility, automated software deployment, patch management, and compliance enforcement.
SKU: ivanti-endpoint-manager -
Software
Ivanti Neurons for Patch Management
Ivanti Neurons for Patch Management is a cloud-native platform that delivers actionable threat intelligence and device risk visibility, enabling prioritized vulnerability remediation for Windows, macOS, Linux, and third-party applications.
SKU: Ivanti Neurons for Patch Management -
-
NAC, Software
Portnox’s Network Access Control (NAC)
Portnox Cloud is a cloud-native NAC solution that unifies Zero Trust access control, passwordless authentication, and 24/7 risk monitoring, delivering rapid deployment and compliance enforcement for all devices across wired, wireless, and VPN networks.
SKU: portnox-cloud -
NAC, Software
HPE Aruba ClearPass Policy Manager
ClearPass Policy Manager is a vendor-agnostic NAC solution that enforces Zero Trust access control with role-based policies, device profiling, and integrated BYOD, guest, and posture assessment, seamlessly integrating with multi-vendor networks and security ecosystems.
SKU: clearpass-policy-manager
