Skip to main content

Deploying Anyconnect with only Umbrella module: Mac and Windows

pjain2
  • Updated
  • min read

Overview

This article describes the custom installation process for Anyconnect web security module on both MAC and Windows.

MAC

There are 2 deployment types for Anyconnect, one is a webdeploy based installation which is automatically installed by a Cisco Firewall or Router, and a pre-deploy installation, which requires user intervention.

In this scenario, the pre-deploy installation is customised on MAC endpoints to only install the selected modules.

Note: Any Anyconnect feature module (Web security, AMP, Umbrella, posture etc) installation requires vpn module installation. However, the Anyconnect vpn window can be hidden on the user machine and only the specific feature modules can be made visible to the users.

 

Step 1. Convert the .dmg Package

Convert the .dmg package from a read-only state to read-write, with the use of Disk Utility or hdiutil as shown in the image.

hdiutil convert anyconnect-macos-4.10.01075-predeploy-k9.dmg -format UDRW -o anyconnect-macos-4.10.01075-predeploy-k9-rw.dmg

Screenshot_2021-07-14_at_2.58.26_PM.png

 

Step 2. Run the Converted File

Run the converted file anyconnect-macos-4.10.01075-predeploy-k9-rw.dmg in order to initiate the installation process.

Screenshot_2021-07-14_at_3.25.50_PM.png

Step 3. Generate the Installer.xml file

This example is intended to send all the installer options to a text file called vpn_install_choices.xml, which will be created in the Downloads folder. For example:

Screenshot_2021-07-14_at_2.59.20_PM.png

Step 4. Extract the Install Options

The code presented, is an XML code from the vpn_install_choices.xml file, it contains the necessary code to custom install all the Anyconnect modules:

Screenshot_2021-07-14_at_3.20.03_PM.png

Note:

The above xml file installs the VPN(which will be hidden later), Umbrella Roaming Security and DART modules by setting the integer value to 1 and setting the rest to 0.

 

 

 

Step 5. Make changes to the ACTransforms.xml file to hide the VPN module

Under the profiles folder, ACTransforms.xml file needs to have the line <disablevpn>true</disablevpn> uncommented.

Contents of ACTransforms.xml file:

<!-- Optional AnyConnect installer settings are provided below. Uncomment the setting(s) to perform optional action(s) at install time. -->
<Transforms>
<!-- <DisableVPN>true</DisableVPN> -->
<!-- <DisableCustomerExperienceFeedback>true</DisableCustomerExperienceFeedback> -->
</Transforms>

Step 6. Copy the vpn_install_choices.xml and install Anyconnect 

You can install the Anyconnect using command line as shown below or use this as a DMG package to be pushed out to the clients for installation.

Copy the vpn_install_choices.xml file to the Anyconnect DMG bundle and then install the Anyconnect client, based on the XML vpn_install_choices.xml file. As shown in the image:

Screenshot_2021-07-14_at_3.00.19_PM.png

Windows:

Details in the article AnyConnect Roaming Security Module: Pre-Deployment Tips

Was this article helpful?

1 out of 2 found this helpful
Have more questions? Submit a request

Related articles