Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3034
Views
0
Helpful
4
Replies

Umbrella package and certificate

Go to solution
skywalker_007
Spotlight
Spotlight

‎01-11-2021 03:02 PM

We have anyconnect vpn software on all client machines connecting to a central site having ASAv.

 

The client machines are mix of windows and Mac OS.

Customer has purchased umbrella advantage .

 

Goal is to distribute modulen package, config  and root certificate to all clients .

There is no sccm .

But there's is airwave. Do we have a guide how to do it ?

 

Can we do it directly from ASAv the moment user connect next time to vpn? 

 

There should be a standard procedure for all client types like windows macos

 

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
takiadeen
Level 1
Level 1

‎01-23-2021 10:34 AM

With ASA AnyConnect you can enable pushing the Umbrella module as well the deployment of OrgInfo.json file to the AnyConnect clients. For Certificates I believe it won't be possible to do it through the ASA and you will need to deploy it yourself. 

For Umbrella module
1- upload the OrgInfo.json (if required to be installed) to disk of the ASA. 
2- the configuration under webvpn 

 

Webvpn
anyconnect profiles orginfo disk0:/OrgInfo.json
exit

 

3- Enable the Umbrella module for the anyconnect group policy

group-policy <Group_Policy_Name> attribute
    webvpn
        anyconnect profiles value orginfo type umbrella
        anyconnect modules value Umbrella

 

 

For more info you can check umbrella documentation
https://docs.umbrella.com/deployment-umbrella/docs/the-anyconnect-plugin-umbrella-roaming-security-client-administrator-guide#update

View solution in original post

0 Helpful

Go to solution
skywalker_007
Spotlight
Spotlight
In response to takiadeen

‎01-23-2021 10:38 AM

Thank you . This is clear now 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
ToucanzooX
Level 1
Level 1

‎01-23-2021 07:20 AM

Hello, you can not do this directly from the ASA at the moment.

0 Helpful

Go to solution
takiadeen
Level 1
Level 1

‎01-23-2021 10:34 AM

With ASA AnyConnect you can enable pushing the Umbrella module as well the deployment of OrgInfo.json file to the AnyConnect clients. For Certificates I believe it won't be possible to do it through the ASA and you will need to deploy it yourself. 

For Umbrella module
1- upload the OrgInfo.json (if required to be installed) to disk of the ASA. 
2- the configuration under webvpn 

 

Webvpn
anyconnect profiles orginfo disk0:/OrgInfo.json
exit

 

3- Enable the Umbrella module for the anyconnect group policy

group-policy <Group_Policy_Name> attribute
    webvpn
        anyconnect profiles value orginfo type umbrella
        anyconnect modules value Umbrella

 

 

For more info you can check umbrella documentation
https://docs.umbrella.com/deployment-umbrella/docs/the-anyconnect-plugin-umbrella-roaming-security-client-administrator-guide#update

0 Helpful

Go to solution
skywalker_007
Spotlight
Spotlight
In response to takiadeen

‎01-23-2021 10:38 AM

Thank you . This is clear now 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-28-2021 03:42 AM

@takiadeen 's solution takes care of the AnyConnet module plus required OrgInfo.json.

The Umbrella root certificate can be pushed via GPO.

0 Helpful
Customers Also Viewed These Support Documents