Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1090
Views
10
Helpful
4
Replies

AnyConnect Webdeploy upgrade question

Go to solution
N3t W0rK3r
Level 3
Level 3

‎09-22-2020 09:20 AM

We are planning to upgrade our AC clients, for the first time, by using the ASA headend (4.9.0195 webdeploy package) for Windows.

 

Question is, can I specify that the new image only be used by a specific group-policy before making it available to everyone?  I'd like to test the auto-upgrade with a small group of users before going all out with it, since many of us now work from home and if something breaks it's gonna affect a lot of people.

 

Suggestions are welcome.

 

Thanks.

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎09-22-2020 09:57 AM

The majority of the time it succeeds without issue, if it failed (rarely) it was an obscure local environment reason.

 

Most of the organisations I've worked with, the application deployment team refuses to support automatic updates pushed out from network devices, and thus they've deployed using SCCM. The network team was happy not to be responsible!!

 

The installed modules will be upgraded.

 

HTH

View solution in original post

4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎09-22-2020 09:26 AM

Hi @N3t W0rK3r 

Unfortunately it's a global setting configured under webvpn and deployed to all users once they successfully authenticate.

 

webvpn
 anyconnect image disk0:/anyconnect-win-4.9.00195-webdeploy-k9.pkg 1

You can configure the local AnyConnect VPN profile to bypass the downloader, you'd need to deploy a different profile to the users you do/don't wish to upgrade.

 

Alternatively you could possibly deploy using your management tools such as SCCM, that can target a subset of users to deploy applications.

 

HTH

Go to solution
N3t W0rK3r
Level 3
Level 3
In response to Rob Ingram

‎09-22-2020 09:50 AM

Thanks Rob, that's what I suspected.  Thank you for confirming.

In your experience, does the webdeploy upgrade method ever fail?  Does the upgrade process required local admin privs or anything special like that?

And what about modules... will the webdeploy method upgrade only the modules currently installed on the client, or will it install all modules and upgrade only the ones already present?  Not clear on this aspect.

 

Thanks again.

 

John

0 Helpful

Go to solution
Rob Ingram
VIP
VIP

‎09-22-2020 09:57 AM

The majority of the time it succeeds without issue, if it failed (rarely) it was an obscure local environment reason.

 

Most of the organisations I've worked with, the application deployment team refuses to support automatic updates pushed out from network devices, and thus they've deployed using SCCM. The network team was happy not to be responsible!!

 

The installed modules will be upgraded.

 

HTH

Go to solution
N3t W0rK3r
Level 3
Level 3
In response to Rob Ingram

‎09-22-2020 10:00 AM

Sounds good to me.  I will reach out to our sw deployment team to get them involved.

Cheers.

 

John

0 Helpful
Customers Also Viewed These Support Documents