https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5022617#M587579 <P>Dear Community,</P> <P>We plan to upgrade AnyConnect agent version 4.xx to new Secure Client agent 5.xx through ISE server web portal.</P> <P>There have around 7K endpoints PC using AnyConnect 4.XX</P> <P>Could you share good practice how to push upgrade new Secure Client agent from ISE server?</P> <P>1. Does ISE can push upgrade agent 300 PCs per time? if yes, how to do it?</P> <P>2. Does ISE can push upgrade new agents to all PCs at the same time? if yes, how to do it?</P> <P>3. In case #2 failed, how to restore existing PC ( using AC 4.XX ) still working fine?</P> <P>Remark: We use ISE 3.1 P6</P> <P>Well appreciated for your supporting.</P> <P>Best Regards,&nbsp;</P> <P>&nbsp;</P> Thu, 22 Feb 2024 16:04:05 GMT Da ICS16 2024-02-22T16:04:05Z https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5022617#M587579 <P>Dear Community,</P> <P>We plan to upgrade AnyConnect agent version 4.xx to new Secure Client agent 5.xx through ISE server web portal.</P> <P>There have around 7K endpoints PC using AnyConnect 4.XX</P> <P>Could you share good practice how to push upgrade new Secure Client agent from ISE server?</P> <P>1. Does ISE can push upgrade agent 300 PCs per time? if yes, how to do it?</P> <P>2. Does ISE can push upgrade new agents to all PCs at the same time? if yes, how to do it?</P> <P>3. In case #2 failed, how to restore existing PC ( using AC 4.XX ) still working fine?</P> <P>Remark: We use ISE 3.1 P6</P> <P>Well appreciated for your supporting.</P> <P>Best Regards,&nbsp;</P> <P>&nbsp;</P> Thu, 22 Feb 2024 16:04:05 GMT https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5022617#M587579 Da ICS16 2024-02-22T16:04:05Z https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5028397#M587773 <P>ISE does not push AnyConnect or Secure Endpoint software to endpoints. That is the job of the ASA/FTD when users make a connection to those firewall devices.</P> Wed, 28 Feb 2024 23:38:56 GMT https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5028397#M587773 Arne Bier 2024-02-28T23:38:56Z https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5029241#M587786 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/158532">@Arne Bier</a>&nbsp; This question comes from the following statements from official Cisco's book:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="rezaalikhani_0-1709195507134.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/211404iDA2781169D3B4F6F/image-size/large?v=v2&amp;px=999" role="button" title="rezaalikhani_0-1709195507134.png" alt="rezaalikhani_0-1709195507134.png" /></span></P><P>&nbsp;</P> Thu, 29 Feb 2024 08:33:18 GMT https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5029241#M587786 rezaalikhani 2024-02-29T08:33:18Z https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5029885#M587797 <P>Yes only if your endpoints are actually using CPP flows.&nbsp; Do all of your endpoints use Posture or BYOD flows?&nbsp;&nbsp;</P> Thu, 29 Feb 2024 14:28:58 GMT https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5029885#M587797 ahollifield 2024-02-29T14:28:58Z https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5029899#M587801 <P>As <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/199513">@ahollifield</a> mentioned, the statement you highlighted only applies in a few ISE use cases. Generally, we depend on either an enterprise software management tool or, where VPN is widely used, the headend firewall to deploy new Secure Client versions.</P> <P>If we are doing ISE posture, it CAN be used to deploy the modules but you should take care to sync what is being pushed from your VPN headend to avoid the systems conflicting with each other.</P> Thu, 29 Feb 2024 14:41:09 GMT https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5029899#M587801 Marvin Rhoads 2024-02-29T14:41:09Z https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5035654#M587951 <P>Dear&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/199513">@ahollifield</a>&nbsp;,</P><P>We use Posture flow.</P><P>Thanks,</P> Thu, 07 Mar 2024 08:21:45 GMT https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5035654#M587951 Da ICS16 2024-03-07T08:21:45Z https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5042801#M588189 <P>Dear&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/199513">@ahollifield</a>&nbsp;,</P><P>We use posture less.&nbsp;</P><P>Let me know if you recommend on this.</P><P>&nbsp;</P><P>Thanks.</P> Mon, 18 Mar 2024 15:41:37 GMT https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5042801#M588189 Da ICS16 2024-03-18T15:41:37Z https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5042804#M588190 <P>Dear&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/326046">@Marvin Rhoads</a>&nbsp;,</P><P>Do all endpoints require have connection both ( dot1x&nbsp; or VPN connection ) to upgrade to new agents?</P><P>Thanks,</P> Mon, 18 Mar 2024 15:44:18 GMT https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5042804#M588190 Da ICS16 2024-03-18T15:44:18Z https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5042815#M588192 <P>"Posture Less"&nbsp; What does this mean?&nbsp; Earlier you said you use Posture Flow?</P> Mon, 18 Mar 2024 15:51:58 GMT https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5042815#M588192 ahollifield 2024-03-18T15:51:58Z https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5042817#M588193 <P>For VPN you would upgrade from headend instead.&nbsp; The endpoints must be in a flow that uses a Client Provisioning Portal.&nbsp; 802.1X or VPN alone is not enough to push new Cisco Secure Client packages/versions.</P> Mon, 18 Mar 2024 15:53:48 GMT https://community.cisco.com/t5/network-access-control/upgrade-to-cisco-secure-client-agent-version-5-through-ise-web/m-p/5042817#M588193 ahollifield 2024-03-18T15:53:48Z