All Topics » Pulse Policy Secure

Catch - All User Realm for unknown User Suffixes

Contributor (0)
Mar 24, 2016 9:58am
So, we need to handle unknown user suffixes to a catch-all user Realm, which in turn proxies to upstream RADIUS servers. We need to do this for external organizations to be able to use our WiFi using their home credentials (we want to participate in eduroam,

So, the setup is like this:

Known user suffix ( --> "User may specify the realm name as a username suffix" checked --> correct user realm is chosen --> Done. Doesn't work for unknown suffixes / suffixes that don't match an existing Realm of course.

Now, if I uncheck "User may specify the realm name as a username suffix" I can proxy ALL RADIUS requests, which I don't want for 'local' requests, i.e. requests from

If I check ""User may specify the realm name as a username suffix" I cannot use unknown suffixes.

But, how would I authenticate requests with a suffix locally and proxy all the other requests? Can this be done with Policy Secure?


.) needs to be authenticated against our LDAP directory
.) needs to be proxied to upstream RADIUS.

Same authentication protocol set in both cases.

I don't think so but would like to have a second opinion.

Contributor (1)
May 2, 2016 1:28pm
You are correct. There is no option for unknown suffixes in PPS today.

This feature has been asked for in the past by large education customers using EduRoam. I "think' an enhancement request has been filed for this, but I do not know with 100% certainty. I would suggest you reach out to your account team and ask them to file the request for you or add your account to the request.


Craig Brauckmiller
Sr. Escalation Engineer