Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1469
Views
0
Helpful
3
Replies

CWS and AnyConnect policy updates

Go to solution
StuartR
Level 1
Level 1

‎05-20-2015 01:21 AM - edited ‎03-08-2019 05:36 PM

Hi,

I'm doing a new install of CWS/Anyconnect. I'd like to do a predeployment of the client and a basic policy. I'd like the client to then auto download policy updates/whitelists without having to VPN or directly connect to the corp network.

Please could someone confirm if the AnyConnect client is able to automatically download CWS profile updates from the CWS/Scansafe portal or would I need to place new policies on the ASA for the client to download when they VPN in?

Also, what controls are available for this? Can I define different policies for different users and the AnyConnect client will grab the one based on the user login details?

 

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
kussriva
Level 1
Level 1
In response to StuartR

‎05-20-2015 05:54 AM

Hi Stuart,

 

In the CWS portal, their's an option to upload AC configuration files, this is known as Hosted Config.

You can use this to push updates for the AC like TND, exceptions etc.

You can make the changes to the AC profile, upload the file onto the CWS portal and when the end users connect, they would download and use the updated file instead of the old config file.

 

You can check the Scancenter Administrator guide for more information about Hosted Config files for Anyconnect.

 


Kush Srivastava
Cisco PDI TA
http://www.cisco.com/web/partners/tools/pdita.html

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
kussriva
Level 1
Level 1

‎05-20-2015 05:37 AM

Hi,

 

In CWS, all the Web filtering policies are created on the CWS portal. You need to create a Anyconnect profile using the profile editor, enter the Authentication key generated from the portal onto the AnyconnectProfile for traffic identification.

Then you can install the Anyconnect web security module either through the ASA or through GPO and  using the profile created above the AC is able to connect to the CWS and apply the web filtering policies to client PC's without them connecting to the Corp network.

 

You can refer to the CWS Anyconnect Deployment guide at http://www.cisco.com/c/en/us/support/security/cloud-web-security/products-installation-and-configuration-guides-list.html for more information.

 

Regards,


Kush Srivastava
Cisco PDI TA
http://www.cisco.com/web/partners/tools/pdita.html

 

0 Helpful

Go to solution
StuartR
Level 1
Level 1
In response to kussriva

‎05-20-2015 05:45 AM

Thanks Kush,

What happens if updates are needed for static exceptions and TND configurations? I've not seen anywhere within the scansafe portal to configure these.

0 Helpful

Go to solution
kussriva
Level 1
Level 1
In response to StuartR

‎05-20-2015 05:54 AM

Hi Stuart,

 

In the CWS portal, their's an option to upload AC configuration files, this is known as Hosted Config.

You can use this to push updates for the AC like TND, exceptions etc.

You can make the changes to the AC profile, upload the file onto the CWS portal and when the end users connect, they would download and use the updated file instead of the old config file.

 

You can check the Scancenter Administrator guide for more information about Hosted Config files for Anyconnect.

 


Kush Srivastava
Cisco PDI TA
http://www.cisco.com/web/partners/tools/pdita.html

 

0 Helpful
Customers Also Viewed These Support Documents