When you are off campus, some of Illinois State University’s electronic services are unavailable to you unless you establish a VPN connection.
Solved: Hello, Is it possible to install AnyConnect and the AMP Enabler module in mode pre-deployment, without using ASA or ISE? Umbrella module can be deployed in this way, but can't find any references for AMP Enabler. Malware attacks on Android-based smartphones and tablets are on the rise. Now you can stop them. Identify and remediate advanced malware targeting Android-based devices. Get the visibility and control you need to secure mobile devices. Use Big Data analytics to gain Information Superiority over attackers. ANSWER QUESTIONS LIKE:. Which systems are infected?. Which devices are. Symptom: Compromised events are now showing up in ISE for events triggered by new devices in the AMP console When integrating AMP for first time, all the events will be populated correctly, however, when we add a new device to both AMP and ISE, it will show up under authentication but, its compromised events won't be populated as it was not part of the initial mapping and ISE is not able to. Cisco AnyConnect AMP Enabler Module is an application marketed by the software company Cisco Systems, Inc. Frequently, people decide to remove this application. Sometimes this is troublesome because doing this by hand takes some knowledge related to Windows internal functioning.
If you update your Cisco.com account with your WebEx/Spark email address, you can link your accounts in the future (which enables you to access secure Cisco, WebEx, and Spark resources using your WebEx/Spark login).
Cisco AnyConnect is an application that the University makes available to students, faculty, and staff for free which may be used to establish a VPN connection with the University from off campus.
NOTE: If you need to request and install the application on your computer, please skip to the section further below entitled Download and Install Cisco AnyConnect. If you already have the application installed and would like to know how to connect to it, please read the section immediately below entitled Connect to the Cisco AnyConnect VPN Client Once Downloaded. The instructions below are listed for both Windows and Mac machines, respectively.
Connect to the Cisco AnyConnect VPN Client Once Downloaded
Windows:
- Open the Cisco AnyConnect VPN client.
- Windows 8: On the Start screen, click Cisco AnyConnect Secure Mobility Client.
- Windows 10: Start > All Apps > Cisco > Cisco AnyConnect Secure Mobility Client.
- Alternatively, you can click Start and begin typing Cisco AnyConnect Secure Mobility Client and the application will show up. Click on the icon to start the application.
- Verify that the path in the field underneath “Ready to connect.” is VPN01.ILSTU.EDU.
- If the path name does not automatically appear, click the arrow to the right of the field and select VPN01.ILSTU.EDU from the drop down menu, or enter the path name manually.
- Click Connect.
Figure 1:
- When prompted, select the appropriate Group (Figure 1):
- To access most ISU resources, you will select –ISU-.
- Important: To access ISU Oracle or SQL database resources directly (via software such as Microsoft Access, Oracle SQL Developer, Microsoft SQL Management Studio, etc.), select DB-User_Access.
Note: When you attempt to connect, you may receive a prompt that tells you that Cisco AnyConnect is updating. Do not attempt to cancel this update, as this update will allow your VPN software to work.
Figure 2:
- Enter your ULID and password in the appropriate fields, then click OK.
- After a moment, an informational banner window will appear that typically says “Welcome to Illinois State University,” but could display a different, informational message.
- Click Accept.
You are now connected with the Cisco AnyConnect VPN client. A Cisco AnyConnecticon with a yellow, locked padlock will be visible in your system tray (in the lower-right corner of your desktop, next to the clock). This indicates that you are connected. If the icon appears without a padlock, this indicates you are no longer connected through VPN.
Mac OS X:
- Open the Cisco AnyConnect VPN client. Click Finder > Applications> Cisco > Cisco AnyConnect Secure Mobility Client.
Figure 3:
- Alternatively, you can search for the application in your “Dashboard” by simply clicking the rocket icon on your bottom toolbar. After that, start typing Cisco AnyConnect Secure Mobility Client and you will see the application. Click on the application to start the set-up process, or to access it once you’ve configured the settings properly.
Figure 4:
- Verify that the path in the field underneath “Ready to connect.” reads VPN01.ILSTU.EDU. If the field is empty, you will need to manually enter the file path exactly how it is shown in this article.
Figure 5:
- Click Connect.
- When prompted, select the appropriate Group (Figure 6):
- For most ISU resources, you will select –ISU-.
- Important: To access ISU Oracle or SQL database resources directly (via software such as Microsoft Access, Oracle SQL Developer, Microsoft SQL Management Studio, etc.), select DB-User_Access.
Figure 6:
- Enter your ULID and password when prompted to do so and click Connect.
- After a moment, an informational banner window will appear that typically says “Welcome to Illinois State University,” but could display a different, informational message.
- Click Accept.
You are now connected with the Cisco AnyConnect VPN client. A Cisco AnyConnect icon with a yellow, locked padlock is now in your system tray (in the lower-right corner of your desktop). This indicates that you are connected. If the icon appears without a padlock, this indicates you are no longer connected through VPN.
Disconnect from the VPN
Windows:
To disconnect from the VPN on a Window’s machine:
- Locate the Cisco AnyConnect VPN client icon and click on it. It is usually on your toolbar, but if it is not, here are some additional ways to find the application:
- Windows 8: On the Start screen, click Cisco AnyConnect Secure Mobility Client.
- Windows 10: Start > All Apps > Cisco > Cisco AnyConnect.
- Alternatively, you can click [Start] and begin typing Cisco AnyConnect Secure Mobility Client and the application will show up. Click on the icon to start the application so you can disconnect from the VPN.
- In the Cisco AnyConnect Secure Mobility Client pane, click Disconnect.
Figure 7:
- Close Cisco AnyConnect Secure Mobility Client.
You are now disconnected from VPN.
Mac OSX:
To disconnect from a VPN connection on Cisco AnyConnect on Mac running Mac OS X or later:
Cisco Anyconnect Download Windows 10
- Click on the Cisco AnyConnect icon in your Dock.
- Click Disconnect.
- Close Cisco AnyConnect Secure Mobility Client.
Figure 8:
You are now disconnected from VPN.
Download and Install Cisco AnyConnect for Windows or Mac OS X
Students, faculty, and staff may download the Cisco AnyConnect VPN Client for Windows or Mac OS X from the University IT Help portal by following the directions below:
Windows:
- Navigate to the IT Help portal (at ITHelp.IllinoisState.edu),
- Click Downloads in the middle of the screen.
- Under Cisco AnyConnect, select the version you would like to download. You will need to select the version that is compatible with your machine. You can choose either Windows or Mac.
- Click on Windows or Mac and log in with your ULID and password if prompted to do so. You will be directed to a form to request the download file be sent to you. You will need to fill out the required fields in the submission form. Once submitted, your request will be handled in the order it was received. Once approved, you will receive an email. You will then click Download Files and you may be navigated to a Central Login page where you will need to enter your ULID and password. Once you log in, click the file next to Attached Files.
NOTE: If you have never access Liquid Files (SendTo) before, you may see a log in page to log into Liquid Files itself. Instead, you will want to click the SSO Sign In button to be navigated to a Central Login page. You will enter your ULID and password. Upon logging in, you will need to accept some terms and conditions. Once you have done that, you will never be prompted again for an SSO sign in.
- Upon successfully downloading the installer, you will need to open the installer and follow the prompts.
Figure 9:
- Agree to the Terms and Conditions and proceed with the installation by clicking Accept. You may need to enter your computer’s profile credentials in order to accept the installation.
Figure 10:
- Once the software has finished downloading, click Finish to close out of the installation process. You can now access the VPN software.
Mac OS X:
- Navigate to the IT Help portal (at ITHelp.IllinoisState.edu),
- Click Downloads in the middle of the screen.
- Under Cisco AnyConnect, select the version you would like to download. You will need to select the version that is compatible with your machine. You can choose either Windows or Mac.
- Click on Windows or Mac and log in with your ULID and password if prompted to do so. You will be directed to a form to request the download file be sent to you. You will need to fill out the required fields in the submission form. Once submitted, your request will be handled in the order it was received. Once approved, you will receive an email. You will then click Download Files and you may be navigated to a Central Login page where you will need to enter your ULID and password. Once you log in, click the file next to Attached Files.
NOTE: If you have never access Liquid Files (SendTo) before, you may see a log in page to log into Liquid Files itself. Instead, you will want to click the SSO Sign In button to be navigated to a Central Login page. You will enter your ULID and password. Upon logging in, you will need to accept some terms and conditions. Once you have done that, you will never be prompted again for an SSO sign in.
- Upon successfully downloading the installer, you will need to open the installer and follow the prompts. When you get to the Installation Type screen, ensure that only the VPN checkbox is selected, then click Continue to proceed with the installation
Figure 11:
- Click Continue to finish the installation. Once finished, open the Cisco AnyConnect Secure Mobility Client. You can find it in the Cisco folder in your applications, or can be manually searched in your Launchpad, as instructed above.
Figure 12:
- Type VPN01.ILSTU.EDU in the empty text field, then press Connect.
Figure 13:
- Enter your ULID in the Username field and your current password in the Password field. Click OK.
Figure 14:
- You will see a welcome window. Click Accept to be connected to the VPN.
Figure 15:
- Now that you are connected, you will be able to access university-restricted applications such as iPeople.
- When you are ready to disconnect from the VPN, go back to the application and click Disconnect and close out of the application.
Figure 16:
How to Get Help
For technical assistance, you may contact the Technology Support Center at 309-438-4357 or by email at SupportCenter@IllinoisState.edu.
Back to Overview:
Related Articles:
Introduction
This document goes through steps to install the Advanced Malware Protection (AMP) connector with AnyConnect.
The AnyConnect AMP Enabler is used as a medium to deploy AMP for Endpoints. Itself it does not have any capability to convict file disposition. It pushes the AMP for Endpoints software to an endpoint from ASA. Once the AMP is installed it uses cloud capacity to check for files disposition. Further AMP service can submit files to dynamic analysis called ThreatGrid, to score unknown files behaviour. These files can be convicted as malicious if certain artifacts are met. This is widely usefull for zero-day attacks.
Prerequisites
Requirements
- AnyConnect Secure Mobility Client Version 4.x
- FireAMP / AMP for Endpoints
- Adaptive Security Device Manager (ASDM) Version 7.3.2 or later
Components Used
The information in this document is based on these software and hardware versions:
- Adaptive Security Appliance (ASA) 5525 with Software Version 9.5.1
- AnyConnect Secure Mobility Client 4.2.00096 on Microsoft Windows 7 Professional 64-bit
- ASDM Version 7.5.1(112)
AnyConnect Deployment for AMP Enabler through ASA
The steps involved in the configuration are as follows:
- Configure the AnyConnect AMP Enabler client profile.
- Edit the AnyConnect VPN group policy and download the AMP Enabler Service Profile.
- Login to the AMP dashboard in order to get the connector URL download link.
- Verify the installation on the user machine.
Step 1: Configure the AnyConnect AMP Enabler Client Profile
- Navigate to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Profile.
- Add the AMP Enabler Service Profile.
Step 2: Edit the Group-Policy to Download the AnyConnect AMP Enabler
- Navigate to Configuration > Remove Access VPN > Group Policies > Edit.
- Go to Advanced > AnyConnect Client > Optional Client Modules to Download.
- Choose AnyConnect AMP Enabler.
Step 3: Download the FireAMP Policy
Note: Before you proceed, check if your system meets the requirements for the AMP of Endpoints Windows Connector.
System Requirements for AMP for Endpoints Windows Connector
These are the minimum system requirements for the FireAMP Connector based on the Windows operating system. The FireAMP Connector supports both 32-bit and 64-bit versions of these operating systems. The latest AMP documentation can be found in AMP deployment
Operating System | Processor | Memory | Disk Space, Cloud Only Mode | Disk Space |
Microsoft Windows 7 | 1 GHz or faster processor | 1 GB RAM | 150 MB available hard disk space - Cloud-only mode | 1GB available hard disk space - TETRA |
Microsoft Windows 8 and 8.1 (requires FireAMP Connector 5.1.3 or later) | 1 GHz or faster processor | 512 MB RAM | 150 MB available hard disk space - Cloud-only mode | 1GB available hard disk space – TETRA |
Microsoft Windows Server 2003 | 1 GHz or faster processor | 512 MB RAM | 150 MB available hard disk space - Cloud-only mode | 1GB available hard disk space - TETRA |
Microsoft Windows Server 2008 | 2 GHz or faster processor | 2 GB RAM | 150 MB available hard disk space – Cloud only mode | 1GB available hard disk space – TETRA |
Microsoft Windows Server 2012 (requires FireAMP Connector 5.1.3 or later) | 2 GHz or faster processor | 2 GB RAM | 150 MB available hard disk space - Cloud only mode | 1 GB available hard disk space – TETRA |
Most common is to have the AMP installer placed on the enterprise web server.
In order to download the connector, navigate to Management > Download Connector. Then choose type, and Download FireAMP (Windows, Android, Mac, Linux).
The Download Connector page allows you to download the install packages for each type of FireAMP connector. This package can be placed on a network share or distributed via management software.
Select a Group
- Audit Only: Monitoring the system based on SHA-256 calculated over each file. This Audit only mode does not quarantine the malware, but sends an event as an alert.
- Protect: Protect mode with quarantine malicious files. Monitor file copy and move.
- Triage: This is for use on already compromised/infected computer.
- Server: Installation suite for Windows server, where the connector installs without Tetra engine and DFC driver. This group is designed by its name for non-domain controller servers.
- Domain Controller: The default policy for this group is set to audit mode as in Server group. Associate all your Active directory servers in this group, that means the connector will be running on a Windows Domain Controller.
Cisco Anyconnect Secure Mobility Client Free
The AMP has the feature called TETRA, which is full antivirus engine. This option is optional per policy.
Features
- Flash Scan on Install: Scan process runs during the installation. It is relatively quick to perform and recommended to run only once.
- Redistributable: You should download one single package, which contains 32-bit and 64-bit installers. Rather than a bootstrapper, which is available leaving this option unticked and downloads the installer files, once executed.
Note: You can create your own group and configure associated policy to it. The purpose is to place all e.g. Active directory servers into one group, where the policy is in audit mode.
The bootstrapper and redistributable installer also both contain a policy.xml file that is used as a configuration file for the AMP connector.
Step 4: Download the Web Security Client Profile
Specify company web server or a network share with AMP installer. This is most commonly used across companies to save bandwidth and place trusted installers in centralized location.
Please be sure that the HTTPS link can be reached on the endpoints without any certificate error and that root certificate is installed in the machine store.
Go back to the AMP Profile created before on the ASA (step 1) and edit AMP Enabler Profile:
- For AMP Mode, click the Install AMP Enabler radio button.
- In the Windows Installer field, add the IP for the web server and the file for the FireAMP.
- Windows Options are optional.
Click OK and apply the changes.
Step 5: Connect with AnyConnect and Verify the Installation of the Module
When Anyconnect VPN users connect, ASA pushes the AnyConnect AMP Enabler module through the VPN. For already logged in users, it is recommended to log off and then log in back for the functionality to be enabled.
Step 6: Start VPN Connection install AMP Enabler and AMP connector
Once you hit the button connect to start the VPN, it downloads the new downloader module. This will have AMP enabler and downloads the AMP package from the URL path you specified couple of steps before.
Step 7: Check AnyConnect and Verify If Everything is Installed
Install Cisco Anyconnect
Once the VPN is connected and the configuration of the web server is installed, check AnyConnect and verify everything is installed properly.
In the services.msc you can find a new service called CiscoAMP_5.1.3. In the Powershell command we see:
Cisco Anyconnect Windows 10 Download
The AMP Installer adds new drivers to the Windows OS. You might use the driverquery command to list the dirvers.
Step 8: Test with an Eicar String Contained in a Zombies PDF File
Test with an Eicar string contained in a Zombies PDF file in a test computer in order to verify the malicious file is quarantined.
Zombies.pdf contains Eicar string
Step 9: Deployment Summary
This page shows you a list of successful and failed FireAMP connector installs as well as those currently in progress. You can go to Management > Deployment Summary.
Step 10: Thread Detection Verification
Zombies.pdf triggered an quarantine event, send to the AMP dashboard.
Quarantine event
Additional Information
To get your AMP account, you can sign up for the ATS University. This gives you an overview of AMP functionality in LAB.