05-20-2015 01:21 AM - edited 03-08-2019 05:36 PM
Hi,
I'm doing a new install of CWS/Anyconnect. I'd like to do a predeployment of the client and a basic policy. I'd like the client to then auto download policy updates/whitelists without having to VPN or directly connect to the corp network.
Please could someone confirm if the AnyConnect client is able to automatically download CWS profile updates from the CWS/Scansafe portal or would I need to place new policies on the ASA for the client to download when they VPN in?
Also, what controls are available for this? Can I define different policies for different users and the AnyConnect client will grab the one based on the user login details?
Thanks
Solved! Go to Solution.
05-20-2015 05:54 AM
Hi Stuart,
In the CWS portal, their's an option to upload AC configuration files, this is known as Hosted Config.
You can use this to push updates for the AC like TND, exceptions etc.
You can make the changes to the AC profile, upload the file onto the CWS portal and when the end users connect, they would download and use the updated file instead of the old config file.
You can check the Scancenter Administrator guide for more information about Hosted Config files for Anyconnect.
Kush Srivastava
Cisco PDI TA
http://www.cisco.com/web/partners/tools/pdita.html
05-20-2015 05:37 AM
Hi,
In CWS, all the Web filtering policies are created on the CWS portal. You need to create a Anyconnect profile using the profile editor, enter the Authentication key generated from the portal onto the AnyconnectProfile for traffic identification.
Then you can install the Anyconnect web security module either through the ASA or through GPO and using the profile created above the AC is able to connect to the CWS and apply the web filtering policies to client PC's without them connecting to the Corp network.
You can refer to the CWS Anyconnect Deployment guide at http://www.cisco.com/c/en/us/support/security/cloud-web-security/products-installation-and-configuration-guides-list.html for more information.
Regards,
Kush Srivastava
Cisco PDI TA
http://www.cisco.com/web/partners/tools/pdita.html
05-20-2015 05:45 AM
Thanks Kush,
What happens if updates are needed for static exceptions and TND configurations? I've not seen anywhere within the scansafe portal to configure these.
05-20-2015 05:54 AM
Hi Stuart,
In the CWS portal, their's an option to upload AC configuration files, this is known as Hosted Config.
You can use this to push updates for the AC like TND, exceptions etc.
You can make the changes to the AC profile, upload the file onto the CWS portal and when the end users connect, they would download and use the updated file instead of the old config file.
You can check the Scancenter Administrator guide for more information about Hosted Config files for Anyconnect.
Kush Srivastava
Cisco PDI TA
http://www.cisco.com/web/partners/tools/pdita.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide