02-22-2024 03:32 AM - last edited on 02-22-2024 08:04 AM by shazubai
Dear Community,
We plan to upgrade AnyConnect agent version 4.xx to new Secure Client agent 5.xx through ISE server web portal.
There have around 7K endpoints PC using AnyConnect 4.XX
Could you share good practice how to push upgrade new Secure Client agent from ISE server?
1. Does ISE can push upgrade agent 300 PCs per time? if yes, how to do it?
2. Does ISE can push upgrade new agents to all PCs at the same time? if yes, how to do it?
3. In case #2 failed, how to restore existing PC ( using AC 4.XX ) still working fine?
Remark: We use ISE 3.1 P6
Well appreciated for your supporting.
Best Regards,
02-28-2024 03:38 PM
ISE does not push AnyConnect or Secure Endpoint software to endpoints. That is the job of the ASA/FTD when users make a connection to those firewall devices.
02-29-2024 12:32 AM - edited 02-29-2024 12:33 AM
02-29-2024 06:28 AM
Yes only if your endpoints are actually using CPP flows. Do all of your endpoints use Posture or BYOD flows?
03-07-2024 12:21 AM
03-18-2024 08:41 AM
03-18-2024 08:51 AM
"Posture Less" What does this mean? Earlier you said you use Posture Flow?
02-29-2024 06:41 AM
As @ahollifield mentioned, the statement you highlighted only applies in a few ISE use cases. Generally, we depend on either an enterprise software management tool or, where VPN is widely used, the headend firewall to deploy new Secure Client versions.
If we are doing ISE posture, it CAN be used to deploy the modules but you should take care to sync what is being pushed from your VPN headend to avoid the systems conflicting with each other.
03-18-2024 08:44 AM
Dear @Marvin Rhoads ,
Do all endpoints require have connection both ( dot1x or VPN connection ) to upgrade to new agents?
Thanks,
03-18-2024 08:53 AM
For VPN you would upgrade from headend instead. The endpoints must be in a flow that uses a Client Provisioning Portal. 802.1X or VPN alone is not enough to push new Cisco Secure Client packages/versions.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide