AnyConnectConfiguration.xsd
AnyConnect Package
Compliance Module
This will be a separator
AnyConnect Module Selection
ISE Posture
VPN
Web Security
AMP Enabler
ASA Posture
Network Visibility
Umbrella Roaming Security
Diagnostic and Reporting Tool
This will be a separator
Profile Selection
ISE Posture
VPN
Web Security
AMP Enabler
Network Visibility
Umbrella Roaming Security
Customer Feedback
This will be a separator
Customization Bundle
AnyConnect can be customized to display your own corporate image in the software, scripts that can run during connection establishment and termination, transforms to alter the behavior of installers. Uploaded bundle must follow the guidelines specified in the documentation.
Localization Bundle
AnyConnect can be localized for different languages. Configure language translations the software uses to translate its messages. Uploaded bundle must follow the guidelines specified in the documentation.
This will be a separator
Deferred Update
Allowed for AnyConnect Software
If set to 'Yes', the end user can defer the update as long as they already meet the minimum version in the setting below, for all required AnyConnect modules.
Minimum Version Required for AnyConnect Software
Format is 'n.n.n'. '0.0.0' means no minimum version is required. '3' means minimum version is 3.0.0, '3.2' means minimum is 3.2.0.
Allowed for Compliance Module
If set to 'Yes', the end user can defer the update as long as they already meet the minimum version in the setting below.
Minimum Version Required for Compliance Module
Format is 'n.n.n.n'. '0.0.0.0' means no minimum version is required. '3' means minimum version is 3.0.0.0, '3.6' means minimum is 3.6.0.0, and so on.
Prompt Auto Dismiss Timeout
The number of seconds that the deferred update prompt is displayed before being dismissed automatically. 'None' means the prompt can only be dismissed by the user. A '0' value and a 'defer' value for the response setting below will force a deferral of the software update.
Prompt Auto Dismiss Default Response
The action taken when the prompt is automatically dismissed.
This will be a separator
Installation Options
Uninstall Cisco NAC Agent
Uninstalls Cisco NAC Agent after successful installation of ISE Posture.
AnyConnectProfile.xsd
pwd
This is the data needed to attempt a connection to a specific host.
A HostEntry comprises the data needed to identify and connect to a specific host.
Can be an alias used to refer to the host or an FQDN or IP address. If an FQDN or IP address is used, a HostAddress is not required.
Can be a FQDN or IP address.
The tunnel group to use when connecting to the specified host. This field is used in conjunction with the HostAddress value to form a Group based URL. NOTE: Group based URL support requires ASA version 8.0.3 or later.
Collection of one or more backup servers to be used in case the user selected one fails.
Collection of one or more load balancing servers.
Controls whether the client will reconnect across network transitions.
When Auto is specified, AnyConnect will enumerate all the certificates on the client against the CertificateMatch rules in the profile.
If Manual is specified, AnyConnect will try to find a certificate to associate with the connection by applying the CertificateMatch rules.
Initiates a VPN connection when accessing domains in the domain list.
Attempt to initiate a VPN connection when rules in this list are matched.
Never attempt to initiate a VPN connection when rules in this list are matched.
Attempt to initiate a VPN connection when rules in this list are matched only if the system could not resolve the address using DNS.
If defined true this will become the active connection when the import is completed. This may result in the user being disconnected on Apple iOS platforms when a profile is imported.
This setting specifies the protocol that the client will first use when attempting to connect to the gateway.
This setting denotes IOS gateways that support only standards-based authentication methods.
This specifies the specific authentication method that the client will use during IKE negotiations.
This specifies the IKE identity, used as the IKE IDi payload.
Pinned certificates to be used for verification by AnyConnect for server certificate chain.
Pinned certificate SHA-512 hash of the public key. Info attribute has the Subject field value of pinned certificate by default.
This is the XML schema definition for the Cisco AnyConnect VPN Client Profile XML file. The VPN Client Initialization is a repository of information used to manage the Cisco VPN client software. This file is intended to be maintained by a Secure Gateway administrator and then distributed with the client software. The xml file based on this schema can be distributed to clients at any time. The distribution mechanisms supported are as a bundled file with the software distribution or as part of the automatic download mechanism. The automatic download mechanism is only available with certain Cisco Secure Gateway products.
The ClientInitialization section represents global settings for the client. In some cases (e.g. BackupServerList) host specific overrides are possible.
The Start Before Logon feature can be used to activate the VPN as part of the logon sequence.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
Controls AnyConnect client behavior for certificate selection. By default, the user certificate will be matched internally. If disabled, a user certificate selection dialog will be displayed.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
This control enables an administrator to have a one time message displayed prior to a user's first connection attempt. As an example, the message could be used to remind a user to insert their smart card into its reader.
The message to be used with this control is localizable and can be found in the AnyConnect message catalog (default: "This is a pre-connect reminder message.").
Show a pre-connect message prior to user's first connect attempt.
Do not show a pre-connect message prior to user's first connect attempt.
This setting allows an administrator to specify which certificate store AnyConnect will use for locating certificates.
This setting only applies to the Microsoft Windows version of AnyConnect and has no effect on other platforms.
This setting allows an administrator to specify which certificate store AnyConnect will use for locating certificates.
This setting only applies to the macOS version of AnyConnect and has no effect on other platforms.
This setting allows an administrator to direct AnyConnect to search for certificates in the Windows machine certificate store. This is useful in cases where certificates are located in this store and users do not have administrator privileges on their machine.
This setting allows an administrator to control the user proxy settings.
This attribute provides the public proxy address and port number. Can be a FQDN or IP address.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
This preference gives the network administrator the ability to allow users to connect through a local proxy.
Controls AnyConnect client behavior when started. By default, the client will attempt to contact the last Gateway a user connected to or the first one in the list from the AnyConnect profile. In the case of certificate-only authentication, this will result in the establishment of a VPN tunnel when the client is started.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
Controls AnyConnect GUI behavior when a VPN tunnel is established. By default, the GUI will minimize when the VPN tunnel is established.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
If Local LAN access is enabled for remote clients on the Secure Gateway, this setting can be used to allow the user to accept or reject this access.
Does the administrator of this profile allow the user to control this attribute for their own use.
Any user setting associated with this attribute will be stored elsewhere.
If Disable captive portal is enabled for remote clients on the Secure Gateway, this setting can be used to allow the user to enable or disable captive portal detection.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
This setting allows an administrator to control how a client will behave when the VPN tunnel is interrupted. Control can optionally be given to the user.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
This setting allows the administrator to turn off the dynamic update functionality of AnyConnect. Control of this can also be given to the user.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
This setting allows the administrator to control how the user will interact with RSA. By default, AnyConnect will determine the correct method of RSA interaction. The desired setting can be locked down by the administrator or control can be given to the user.
Does the administrator of this profile allow the user to control this attribute for their own use.
Any user setting associated with this attribute will be stored elsewhere.
This preference allows an administrator to control if more than one user may be logged into the client PC during the VPN connection (Windows only).
This preference allows an administrator to control whether or not remote users may initiate a VPN connection (Windows only).
Determines whether to keep the VPN session when the user logs off a Windows OS or macOS.
Specifies whether to end the VPN session if a different user logs on. This value applies only if the RetainVpnOnLogoff is True and the original user logged off Windows or macOS when the VPN session was up.
This preference allows the administrator to define a policy to automatically manage when a VPN connection should be started or stopped.
This setting defines the list of possible DNS domain name(s) that an interface is assigned when in a trusted network
This setting defines the list of DNS server(s) that an interface is assigned when in a trusted network
This setting defines the list of HTTPS servers reachable only via a trusted network.
This preference allows an administrator to define a policy to automatically manage the VPN connection for users in trusted networks.
This preference allows an administrator to define a policy to automatically manage the VPN connection for users in untrusted networks.
This preference governs VPN reestablishment after interruptions
This preference gives the network administrator the ability to dictate the network access allowed by the client endpoint device following a VPN connection establishment failure.
Possible values are Open and Closed
This preference gives the network administrator the ability to dictate the network access allowed by the client endpoint device following a VPN connection establishment failure
This preference allows the network administrator the ability to impose a time limit (in minutes) for captive portal remediation when the ConnectFailurePolicy value is Closed
This preference gives the network administrator the ability to allow split routes and firewall rules to be applied following a VPN connection establishment failure when the ConnectFailurePolicy value is Closed
This preference gives the network administrator the ability to allow users to disconnect the VPN session during Always On
This preference allows an administrator to control the policy used to exclude routes to PPP servers when connecting over L2TP or PPTP. Options are Automatic (default), Disable, and Override.
When PPPExclusion is set to Override, the value of this preference allows an end user to specify the address of a PPP server that should be excluded from tunnel traffic.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
This preference allows an administrator to enable scripting which executes OnConnect and OnDisconnect scripts (if found).
This setting dictates whether or not AnyConnect will terminate a running script process if a transition to another scriptable event occurs.
This setting dictates whether or not the OnConnect script will be launched from the desktop GUI when a tunnel has been established via Start Before Logon.
Does the administrator of this profile allow the user to control this attribute for their own use.
Any user setting associated with this attribute will be stored elsewhere.
The setting dictates whether or not AnyConnect should perform certificate pinning checks for server certificate chain.
Pinned certificates to be used for verification by AnyConnect for server certificate chain.
Pinned certificate SHA-512 hash of the public key. Info attribute has the Subject field value of pinned certificate by default.
This section enables the definition of various attributes that can be used to refine client certificate selection.
This section disables certificate with no EKU from matching.
This section disables certificate with no KU from matching.
Certificate Key attributes that can be used for choosing acceptable client certificates.
Certificate Extended Key attributes that can be used for choosing acceptable client certificates.
Certificate Distinguished Name matching allows for exact match criteria in the choosing of acceptable client certificates.
Collection of one or more backup servers to be used in case the user selected one fails.
Collection of policy settings specific to the Windows Mobile version of AnyConnect that have no effect on other platforms.
Indicates that a Windows Mobile device must be configured with a password or PIN prior to establishing a VPN connection. This configuration is only valid on Windows Mobile devices that use the Microsoft Default Local Authentication Provider (LAP).
When set to non-negative number, specifies the maximum number of minutes that must be configured before device lock takes effect. (WM5/WM5AKU2+)
When set to a non-negative number, specifies that any PIN/password used for device lock must be equal to or longer than the specified value, in characters.
(WM5AKU2+)
When present checks for the following password subtypes: "alpha" - Requires an alphanumeric password, "pin" - Numeric PIN required, "strong" - Strong alphanumeric password defined by Microsoft as containing at least 7 characters, including a minimum of 3 from the set of uppercase, lowercase, numerals, and punctuation characters. (WM5AKU2+)
This section enables the definition of various .
This attribute will enable a notice to be shown to the user when their certificate is about to expire.
If the group-url can be identified (FQDN/group or IP/group) by this value will trigger the automatic SCEP process.
The SCEP CA server.
This setting allows an administrator to specify which certificate store AnyConnect will use for locating certificates.
This setting only applies to the Microsoft Windows version of AnyConnect and has no effect on other platforms.
Domain of the CA
Common Name
Org Unit
Org
State
State
Country
Email
Domain Component
Sur Name
Given Name
Unstructured Name
Initials
Gen Qualifier
DN Qualifier
City
Title
Key Size
Turn on display of Get Certificate button if SCEP is configured and user encounters client certificate authentication failure.
Turn on access control to protect private key of the certificate on mobile device if SCEP is configured.
When set to non-negative number, specifies the maximum number of minutes that must be configured before device lock takes effect. (WM5/WM5AKU2+)
When set to a non-negative number, specifies that any PIN/password used for device lock must be equal to or longer than the specified value, in characters. (WM5AKU2+)
When present checks for the following password subtypes: "alpha" - Requires an alphanumeric password, "pin" - Numeric PIN required, "strong" - Strong alphanumeric password defined by Microsoft as containing at least 7 characters, including a minimum of 3 from the set of uppercase, lowercase, numerals, and punctuation characters. (WM5AKU2+)
Automatic server selection will automatically select the optimal secure gateway for the endpoint. Possible values are true or false.
During a reconnection attempt after a system resume, this setting specifies the minimum estimated performance improvement required to justify transitioning a user to a new server. This value represents a percentage in 0..100
During a reconnection attempt after a system resume, this specifies the minimum time a user must have been suspended in order to justify a new server selection calculation. It is measured in hours
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
Amount of time, in seconds, that the client waits for authentication to be completed.
If SafeWord SofToken software is installed on the endpoint device, this setting can be used to enable the client to directly interface with the SofToken software.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
AllowIPsecOverSSL is an unsupported and unadvertised preference that makes IPsec tunnels possible over SSL tunnels. It must not be visible in the Profile Editor.
This preference controls whether the smartcard pin will be cleared on a successful connection
This setting only applies to the Microsoft Windows version of AnyConnect and has no effect on other platforms.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
This attribute will indicate that the VPN service should not be used on the endpoint.
This attribute will indicate the supported IP protocols (IPv4 and IPv6) and in what order they should be used to attempt a VPN connection.
This attribute will indicate whether the end-user may manually specify a new headend.
This section contains the list of hosts the user will be able to select from.
Collection of one or more backup servers to be used in case the user selected one fails.
Can be a FQDN or IP address.
Collection of one or more load balancing servers.
Can be a FQDN or IP address.
Certificate Key attributes that can be used for choosing acceptable client certificates.
One or more match key may be specified. A certificate must match at least one of the specified key to be selected.
Certificate Extended Key attributes that can be used for choosing acceptable client certificates.
Zero or more extended match key may be specified. A certificate must match all of the specified key(s) to be selected.
1.3.6.1.5.5.7.3.1
1.3.6.1.5.5.7.3.2
1.3.6.1.5.5.7.3.3
1.3.6.1.5.5.7.3.4
1.3.6.1.5.5.7.3.5
1.3.6.1.5.5.7.3.6
1.3.6.1.5.5.7.3.7
1.3.6.1.5.5.7.3.8
1.3.6.1.5.5.7.3.9
1.3.6.1.5.5.7.3.10
1.3.6.1.5.5.8.2.2
Zero or more custom extended match key may be specified. A certificate must match all of the specified key(s) to be selected. The key should be in OID form (e.g. 1.3.6.1.5.5.7.3.11)
Certificate Distinguished Name matching allows for exact match criteria in the choosing of acceptable client certificates.
This element represents the set of attributes to define a single Distinguished Name matching definition.
Distinguished attribute name to be used in matching.
Subject Common Name
Domain Component
Subject Sur Name
Subject Given Name
Subject Unstruct Name
Subject Initials
Subject Gen Qualifier
Subject Dn Qualifier
Subject Country
Subject City
Subject State
Subject State
Subject Company
Subject Department
Subject Title
Subject Email Address
Issuer Common Name
Issuer Domain Component
Issuer Sur Name
Issuer Given Name
Issuer Unstruct Name
Issuer Initials
Issuer Gen Qualifier
Issuer Dn Qualifier
Issuer Country
Issuer City
Issuer State
Issuer State
Issuer Company
Issuer Department
Issuer Title
Issuer Email Address
The string to use in the match.
Should the pattern include wildcard pattern matching. With wildcarding enabled, the pattern can be anywhere in the string.
wildcard pattern match is not enabled for this definition
wildcard pattern match is enabled for this definition
The operator to be used in performing the match
equivalent to ==
equivalent to !=
Should the pattern matching applied to "Pattern" be case sensitive?
Default is "Enabled" (case sensitive).
perform case sensitive match with pattern
perform case insensitive match with pattern
The root element representing the AnyConnect Client Profile
Allows only one user during a VPN connection
Allows only one local user but many remote users during a VPN connection
Only local users may establish a VPN connection
Local and remote users may establish a VPN connection
Automatically detect when a VPN connection is being established over a point-to-point connection.
Disable automatic detection of point-to-point connections.
Override the address of the PPP server with the value of PPPExclusionServerIP.
Use certificates from all available certificate stores.
Use certificates only from the Windows machine certificate store.
Use certificates only from the Windows user certificate store.
Use certificates from all available macOS keychains and file stores.
Use certificates only from the macOS system keychain and system file store.
Use certificates only from the macOS login and smartcard keychains, as well as the user file store.
Use browser settings.
Use no proxy settings.
Use AnyConnect proxy settings.
Darwin_i386
FAProfile.xml
truefalsetrue
FAProfile.xsd
ISEPostureCFG.xml
0falsefalsedisplayFailed3013012043false1210000303
ISEPostureCFG.xsd
info.dat
NAM_Profile_Default.xml
NVMProfile.xml
CollectorHostName4739605500trustedfalsefalsefalseuser_anonymizedVpnexcludeLoggedInUser,ProcessUserNameDNS-anonymizedTrustedexcludeDNSSuffix501
NVMProfile.xsd
ProfileEditor.xml
ServiceProfileManifest.xml
xml | AnyConnect VPN Profile | false
configuration.xml | nsp | Network Access Manager\system | Network Access Manager\newConfigFiles | NAM Service Profile | false
CustomerExperience_Feedback.xml | fsp | CustomerExperienceFeedback | CustomerExperienceFeedback | Feedback Service Profile | false
Telemetry_ServiceProfile.xml | tsp | Telemetry | Telemetry | Telemetry Service Profile | false
WebSecurity_ServiceProfile.wso | wsp | wso | websecurity | websecurity | Web Security Service Profile | false
ISEPostureCFG.xml | isp | iseposture | iseposture | ISE Posture Profile | false
ISEPosture.json | json | iseposture | iseposture | ISE Posture JSON Profile | false
AMPEnabler_ServiceProfile.xml | asp | AMPEnabler | AMPEnabler | AMP Enabler Service Profile | false
NVM_ServiceProfile.xml | nvmsp | NVM | NVM | Network Visibility Service Profile | false
OrgInfo.json | json | umbrella | umbrella | Umbrella Roaming Security Profile | false
UpdateComponentManifest.json
{
"downloader" : {
"display-name" : "AnyConnect Downloader",
"type" : "script",
"uri" : "binaries/vpndownloader.sh",
"hash" : "FC33E0707F14034B8CD142CC8AF3BC8CE87CA927B69F7D1433D22E9BC1C176B8",
"hash-type" : "sha256",
"version" : "4.6.01098"
}
}
VPNHashManifest.xml
binaries/anyconnect-macos-4.6.01098-core-vpn-webdeploy-k9.dmg | 33779D4F62BB73B8C1BAD9C1BBA3467551A07B5C6BAB6880F045AFF1E26E76F6
binaries/anyconnect-macos-4.6.01098-dart-webdeploy-k9.dmg | E3353922615DFC5A07E287FF868F8E076ED5ED4A68E759D976308DE5F13C2EC9
binaries/anyconnect-macos-4.6.01098-websecurity-webdeploy-k9.dmg | 9B3FD3E85343DEB09B2F4EA6DA929D10F06305BA1269BBA136A84BD4302365B1
binaries/anyconnect-macos-4.6.01098-amp-webdeploy-k9.dmg | 02644614A8093A3B6BBF6DF75405863941664FE941B850C108CEF96728C375FC
binaries/anyconnect-macos-4.6.01098-posture-webdeploy-k9.dmg | 9E708553B821605717B6A9420A61A66716A74E606EC8C7DA921F6CB625B80AA5
binaries/anyconnect-macos-4.6.01098-iseposture-webdeploy-k9.dmg | F3577A303EAF08603EA89B4C41A37ED9B3F16D6F7BC59239DECDBF22F52B80A8
binaries/anyconnect-macos-4.6.01098-nvm-webdeploy-k9.dmg | 0CE98AEA94116C0BFAA284EDB72311EF5221B31E4F1ADD5D645FFB2E6E8FD1EA
binaries/anyconnect-macos-4.6.01098-umbrella-webdeploy-k9.dmg | BB6A4803E6D1E3DD574FF153650F04A0023E167B5931B0B38A2A3C6FFA20CEA4
VPNManifest.xml
binaries/anyconnect-macos-4.6.01098-core-vpn-webdeploy-k9.dmg | AnyConnect Secure Mobility Client
binaries/anyconnect-macos-4.6.01098-dart-webdeploy-k9.dmg | AnyConnect DART
binaries/anyconnect-macos-4.6.01098-websecurity-webdeploy-k9.dmg | AnyConnect Web Security
binaries/anyconnect-macos-4.6.01098-amp-webdeploy-k9.dmg | AnyConnect AMP Enabler
binaries/anyconnect-macos-4.6.01098-posture-webdeploy-k9.dmg | AnyConnect Posture
binaries/anyconnect-macos-4.6.01098-iseposture-webdeploy-k9.dmg | AnyConnect ISE Posture
binaries/anyconnect-macos-4.6.01098-nvm-webdeploy-k9.dmg | AnyConnect Network Visibility
binaries/anyconnect-macos-4.6.01098-umbrella-webdeploy-k9.dmg | AnyConnect Umbrella Roaming Security
WebSecurity.xsd
Version of the WebSecurity Schema.
User-designated profile name, if provided.
tunnel type can be either "ssl" or "plain"
Time interval for sending heartbeat to service. In seconds. Hidden Field.
Time interval for sending heartbeat to client. In seconds. Hidden Field.
Maximum time to flush out remaining logs when logging is signaled to stop. In msec. Hidden Field.
Flushing interval for writing logs to log file. In msec. Hidden Field.
Enable/Disable buffered logging. If the value configured in this setting is greater than zero (0) then buffered logging will be disabled. Hidden Field.
If there is any error in writing log statements to the log file, then how often should that error be logged into the alternative logging system. Currently we are using Windows Event Log as an alternate logging system. Hidden Field.
Minutes: How long should the old log files be retained
Hours: How long should the old log files be retained
Days: How long should the old log files be retained
It is a complex element. The combination of elements contained under this setting will decide how long the old log files should be retained.
This setting indicates how many old (backed up) log files should be retained.
Maximum size of log file in KB.
If the WebSecurity svc encounters connection failures while connecting to the Current Active Tower, then it will attempt switching to the next best Tower after the time specified in this setting, irrespective of whether the threshold specified in ActiveTowerMaxFailedConnectAttempts is exceeded. In seconds. Hidden field.
Read interval at which active tower connection failure count will be checked. In msec. Hidden field.
If the WebSecurity svc encounters these many consecutive failures while connecting to the Current Active Tower, then it will attempt switching to the next best Tower. Hidden field.
Receive timeout to receive header from the Beacon Server. Values in seconds. Hidden field.
Timeout for sending the challenge GET request to Beacon Server. Values in seconds.
Hidden field.
Range from 1 to the value contained in it. A number will be generated in the range. Generated number will be added to BeaconCheckInterval. Values in seconds. Hidden field.
Maximum number of the static_exceptions settings values to be considered. 1 - 50. Hidden field.
Disable/Enable reverse and forward lookup while processing HTTPS traffic. Don't perform rev/fwd dns lookup if it is disabled. If the value is "1" then disabled otherwise enabled. Hidden field.
Interval after which the same icon state (i.e., matching previous and current state) will be sent to the Daemon. Hidden field.
If present in a user's list of Groups, then these Groups will be included in the encrypted header. Groups are ';' separated
If present in a user's list of Groups, then these Groups will be excluded from the encrypted header. Groups are ';' separated
This is used to automatically generate an ID for the authenticated_user field if the user is not on a domain or the domain ID could not be determined. Can be empty
Enable or disable the ability to connect to the Scansafe hosted config server for regular profile updates
Enable or disable forced GP refresh
Disable SSL session reuse. The default is 0 (enable). Any non-zero value will disable.
Whether the thread pooling should be enabled or disabled. If the value is "1" then thread pool will be enabled. For all other values thread pool will be disabled.
The connections going to the specified IP address will not be seen by A+. These connections will be bypassed at the DNE layer. Static exceptions are ';' separated
These ports are listened on for HTTP traffic (optionally include 443 for HTTPS support - see release notes). Comma separated values.
Traffic intercepted by DNE is sent to A+ on this port
The connections going through the specified proxy will be bypassed.
Proxy Exceptions are ';' separated
Public Key for Beacon Server
Product license key
Public key component (Modulus)
Public key component (Exponent)
Password for exiting or disabling the A+ service
Minimum number of connection threads to keep alive (Low Water Mark) even when not in use.
Maximum number of connection threads to keep alive (High Water Mark). Maximum number of concurrent connections that can be processed at any time.
The Daemon communicates with the Service on this port.
If Destination IP address of the intercepted connection or the host name from the Host Header field matches with any of the entries in this setting, then that connection will be bypassed, i.e., not forwarded to our Tower. Host Exceptions ';' separated (e.g. 10.0.0/8, 169.254.0.0/16, windowsupdate.microsoft.com)
If Destination IP address of the intercepted connection or the host name from the Host Header field matches with any of the entries in this setting, then that connection will be passed via Tower, all other connections will be bypassed.
AD domains. AD Domains are ',' separated.
DNS reverse lookup timeout (msec)
If DNS reverse lookup fails then how long that entry should be cached (Time to live). (sec)
DNS cache failure lookup parameters - forward lookup (msec)
If DNS forward lookup fails then how long that entry should be cached (Time to live). (sec)
This setting specifies the logging level and indicates which statements should be written into the log file.
Time interval (msec) to Clean Idle Threads from the Running List.
This timeout is used while forming TCP connection to the Tower. Hidden Field.
AD User
AD Groups
This setting provides the URL used to download the available list of towers from our special Tower.
This setting tells the A+ service how often it should attempt to download the towers XML file from the special Tower. interval in (minutes). Minimum value is 1. Hidden field.
This setting will be considered in the tower updater if there was any issue in downloading towers XML. In seconds.
HiddenPort number used for SSL (secure) connection to Tower. Usage depends on tunnel_type.Port number used for Plain (unsecure) connection to Tower. Usage depends on tunnel_type.This setting indicates when the list of towers in the config file was last updated.This setting is used to specify the subset of the total available towers that should be used by A+. Only these towers will be used by the product functionalities and displayed in the GUI. Empty means use all towers. Tower Display names are being used for this field. Comma separatedBeacon Server DNS lookup forward timeout.Timeout for the TCP connection to Beacon Server.If this is 'FailClose' then OnCaptivePortal can be either 'FailClose' or 'FailOpen'. If this is 'FailOpen' then OnCaptivePortal has to be 'FailOpen' tooWhen error occurs in establishing a connection to the Tower bypass it and attempt connection to original host.When error occurs in establishing a connection to the Tower send message/reason page to browser and close the connection.Allows or disallows connections needed to log on to a captive portal if the general ConnectionFailure Policy is FailCloseWhen an error occurs in establishing a connection to the Tower then allow Captive Portal logonWhen an error occurs in establishing a connection to the Tower then do not allow Captive Portal logon. FailClose value here does not make sense if Policy value is Failopen.Determines what to do on failure to establish comms with a towerServer Certificate Hash: SHA256 hash of the server certificateServer Address: IP or FQDNTrusted Network Detection Server Port: If not specified 443 will be used.Enable or disable Trusted Network Detection functionality. 
Valid values are 0 or 1Interval in second between Trusted Network Detection probesTrusted Network Detection Server DNS lookup forward timeout.Timeout for the TCP connection to Trusted Network Detection Server.Display name of the default tower, used when none is selectedEnable/Disable Detect-On-LAN functionality.This setting specifies the host name or IP address of the current active tower. Currently this field contains the IP address because we currently use only an IP address in 'WebSecurity\ConfigurationParameters\Towers\Tower\HostName'.Display Name of the current Active towerIs tower active or not? Currently not processed by our code.
WebSecurity_3_0.xsd
Version of the WebSecurity Schema.
Tunnel type can be either "ssl" or "plain".
Time interval for sending heartbeat to service. In seconds. Hidden field.
Time interval for sending heartbeat to client. In seconds. Hidden field.
Maximum time to flush out remaining logs when logging is signaled to stop. In msec. Hidden field.
Flushing interval for writing logs to log file. In msec. Hidden field.
Enable/Disable buffered logging. If the value configured in this setting is greater than zero (0) then buffered logging will be disabled. Hidden field.
If there is any error in writing log statements to the log file, then how often should that error be logged into the alternative logging system. Currently we are using Windows Event Log as an alternate logging system. Hidden field.
Minutes: How long should the old log files be retained
Hours: How long should the old log files be retained
Days: How long should the old log files be retained
It is a complex element. The combination of elements contained under this setting will decide how long the old log files should be retained.
This setting indicates how many old (backed up) log files should be retained.
Maximum size of log file in KB.
If the WebSecurity svc encounters connection failures while connecting to the Current Active Tower, then it will attempt switching to the next best Tower after the time specified in this setting, irrespective of whether the threshold specified in ActiveTowerMaxFailedConnectAttempts is exceeded. In seconds. Hidden field.
Read interval at which active tower connection failure count will be checked. In msec. Hidden field.
If the WebSecurity svc encounters this many consecutive failures while connecting to the Current Active Tower, then it will attempt switching to the next best Tower. Hidden field.
Receive timeout to receive header from the Beacon Server. Values in seconds. Hidden field.
Timeout for sending the challenge GET request to Beacon Server. Values in seconds. Hidden field.
Range from 1 to the value contained in it. A number will be generated in the range. Generated number will be added to BeaconCheckInterval. Values in seconds. Hidden field.
Maximum number of the static_exceptions settings values to be considered. 1 - 50. Hidden field.
Disable/Enable reverse and forward lookup while processing HTTPS traffic. Don't perform rev/fwd DNS lookup if it is disabled. If the value is "1" then disabled, otherwise enabled. Hidden field.
Interval after which the same icon state (i.e., matching previous and current state) will be sent to the Daemon. Hidden field.
If present in a user's list of Groups, then these Groups will be included in the encrypted header. Groups are ';' separated.
If present in a user's list of Groups, then these Groups will be excluded from the encrypted header. Groups are ';' separated.
Whether the thread pooling should be enabled or disabled. If the value is "1" then thread pool will be enabled. For all other values thread pool will be disabled.
The connections going to the specified IP address will not be seen by A+. These connections will be bypassed at the DNE layer. Static exceptions are ';' separated.
These ports are listened on for HTTP traffic (optionally include 443 for HTTPS support - see release notes). Comma separated values.
Traffic intercepted by DNE is sent to A+ on this port.
The connections going through the specified proxy will be bypassed. Proxy Exceptions are ';' separated.
Public Key for Beacon Server
Product license key
Public key component (Modulus)
Public key component (Exponent)
Password for exiting or disabling the A+ service
Minimum number of connection threads to keep alive (Low Water Mark) even when not in use.
Maximum number of connection threads to keep alive (High Water Mark). Maximum number of concurrent connections that can be processed at any time.
The Daemon communicates with the Service on this port.
If Destination IP address of the intercepted connection or the host name from the Host Header field matches with any of the entries in this setting, then that connection will be bypassed, i.e., not forwarded to our Tower. Host Exceptions ';' separated (e.g. 10.0.0/8, 169.254.0.0/16, windowsupdate.microsoft.com)
AD domains. AD Domains are ',' separated.
DNS reverse lookup timeout (msec)
If DNS reverse lookup fails then how long that entry should be cached (Time to live). (sec)
DNS cache failure lookup parameters - forward lookup (msec)
If DNS forward lookup fails then how long that entry should be cached (Time to live). (sec)
This setting specifies the logging level and indicates which statements should be written into the log file.
Time interval (msec) to Clean Idle Threads from the Running List.
This timeout is used while forming TCP connection to the Tower. Hidden field.
AD User
AD Groups
This setting provides the URL used to download the available list of towers from our special Tower.
This setting tells the A+ service how often it should attempt to download the towers XML file from the special Tower. Interval in minutes. Minimum value is 1. Hidden field.
This setting will be considered in the tower updater if there was any issue in downloading towers XML. In seconds. Hidden field.
Port number used for SSL (secure) connection to Tower. Usage depends on tunnel_type.
Port number used for Plain (unsecure) connection to Tower. Usage depends on tunnel_type.
This setting indicates when the list of towers in the config file was last updated.
This setting is used to specify the subset of the total available towers that should be used by A+. Only these towers will be used by the product functionalities and displayed in the GUI. Empty means use all towers. Tower Display names are being used for this field. Comma separated.
Beacon Server DNS lookup forward timeout.
Timeout for the TCP connection to Beacon Server.
Display name of the default tower, used when none is selected.
Enable/Disable Detect-On-LAN functionality.
This setting specifies the host name or IP address of the current active tower. Currently this field contains the IP address because we currently use only an IP address in 'WebSecurity\ConfigurationParameters\Towers\Tower\HostName'.
Display Name of the current Active tower
Is tower active or not? Currently not processed by our code.
WebSecurity_Profile_Default.xml
auto-instructions.html
WebLaunch OS X Install Instructions
Instructions
Step 1:
Click the WebLaunch to begin package provisioning.
Step 2:
Click Allow to proceed with Java provisioning.
Step 3:
Cisco AnyConnect Secure Mobility Client requires Administrative privileges to install. When prompted, enter your computer password to continue.
Step 4:
The AnyConnect Secure Mobility Client will download and install.
Step 5:
Cisco AnyConnect Secure Mobility Client will be launched and establish a VPN connection.
Step 6:
Begin using your Cisco AnyConnect Secure Mobility Client.