topic Re: Loading Cisco Secure Client on FTD firewall in Network Security

Loading Cisco Secure Client on FTD firewall

DEENA VERAPPAN — Tue, 18 Jun 2024 23:08:14 GMT

I would like to install the new cisco secure client 5.1.4-74, which will auto update when remote users log in. However I would only like to install the vpn client, and not the rest of the msi's that are loaded in the cisco-secure-client-win-5.1.4.74-webdeploy-k9.pkg. Is there a way to, strip out the other MSI's and just install the vpn client?

When trying to load the client through FMC, with file type of Secure Client Image, the default extension is listed as .pkg(see attached pic.)

Re: Loading Cisco Secure Client on FTD firewall

ccieexpert — Tue, 18 Jun 2024 23:35:57 GMT

Why do you want to strip out the other modules ? you control from FMC group policy what modules you want pushed to the client.. i dont see a valid reason to remove it from the package.. The package is a compressed archive format, and can be opened using 7zip etc.. and i was able to remove executables... but i am not sure if Cisco checks the hash etc of the pkg with something inside or some other method... i dont have a fmc handy to test it out... but would like to hear from you on the use case before we dig into further ?

Re: Loading Cisco Secure Client on FTD firewall

Marvin Rhoads — Wed, 19 Jun 2024 13:03:55 GMT

You always use the pkg file on the VPN headend. As @ccieexpert noted, the group policy associated with the VPN connection controls where any modules beyond the default (Core and VPN) are downloaded, as well as their associated profiles (if any).

Re: Loading Cisco Secure Client on FTD firewall

DEENA VERAPPAN — Wed, 19 Jun 2024 22:25:25 GMT

Thank you for the feedback. I wasn't expecting to see all the other modules as part of the package. Looking at the Group Policy, I could see where I'm able to select the modules to be implemented.

Thank you again, appreciate the support.