Cisco Cisco AnyConnect Secure Mobility Client v4.x Release Notes
AnyConnect 4.1.00028 is compatible with Cisco HostScan 4.1.00028 (OPSWAT 3.6.10013.2) or later. If you cannot upgrade
AnyConnect and Host Scan at the same time, upgrade Host Scan first, then upgrade AnyConnect.
AnyConnect and Host Scan at the same time, upgrade Host Scan first, then upgrade AnyConnect.
AnyConnect 4.0.02052 is compatible with Cisco Hostscan 4.0.02052 (OPSWAT 3.6.10013.2) or later. If you cannot upgrade
AnyConnect and Host Scan at the same time, upgrade Host Scan first, then upgrade AnyConnect.
AnyConnect and Host Scan at the same time, upgrade Host Scan first, then upgrade AnyConnect.
The
is available on cisco.com. The support charts opens most easily using
a Firefox browser. If you are using Internet Explorer, download the file to your computer and change the file extension from .zip
to .xlsm. You can open the file in Microsoft Excel, Microsoft Excel viewer, or Open Office.
to .xlsm. You can open the file in Microsoft Excel, Microsoft Excel viewer, or Open Office.
AnyConnect will not establish a VPN connection when used with an incompatible version of HostScan. Also,
Cisco does not recommend the combined use of HostScan and ISE posture. Unexpected results occur when
the two different posture agents are run.
Cisco does not recommend the combined use of HostScan and ISE posture. Unexpected results occur when
the two different posture agents are run.
If you upgrade to AnyConnect 4.4, and you want to continue to use Dynamic Access Policies (DAP) and
Advanced Endpoint Assessments that use VPN Posture (HostScan) to look for antivirus and antispyware
attributes, use the latest 4.3.x VPN Posture (HostScan) as the HostScan image in ASDM (Configuration >
Remote Access VPN > Secure Desktop Manager > Host Scan image).
Advanced Endpoint Assessments that use VPN Posture (HostScan) to look for antivirus and antispyware
attributes, use the latest 4.3.x VPN Posture (HostScan) as the HostScan image in ASDM (Configuration >
Remote Access VPN > Secure Desktop Manager > Host Scan image).
AnyConnect 4.4 and VPN Posture (HostScan) version 4.4 images use the OPSWAT v4 compliance module
which combines antivirus and antispyware into one category called anti-malware. To write DAP or Advanced
Endpoint Assessment rules using the combined anti-malware attributes, you must be running ASDM 7.7.1 or
higher on your ASA. ASDM 7.7.1 is expected to release in the first quarter of 2017.
which combines antivirus and antispyware into one category called anti-malware. To write DAP or Advanced
Endpoint Assessment rules using the combined anti-malware attributes, you must be running ASDM 7.7.1 or
higher on your ASA. ASDM 7.7.1 is expected to release in the first quarter of 2017.
Note
If you upgrade to ASDM 7.7.1 and use AnyConnect 4.4.x or VPN Posture (HostScan) version 4.4.x as
the HostScan engine, any existing DAP or Advanced Endpoint Assessment rules referencing antivirus or
antispyware will be deleted, and you will need to recreate them using anti-malware attributes.
the HostScan engine, any existing DAP or Advanced Endpoint Assessment rules referencing antivirus or
antispyware will be deleted, and you will need to recreate them using anti-malware attributes.
Note
Starting with AnyConnect 4.4 or HostScan 4.4 used as the HostScan image and with ASDM 7.7.1 as the ASDM
image, administrators will only be able to express DAP and Advanced Endpoint Assessment rules in terms of
anti-malware attributes.
image, administrators will only be able to express DAP and Advanced Endpoint Assessment rules in terms of
anti-malware attributes.
The Cisco Host Scan package can be pre-deployed or installed on an ASA version 8.4 or later for web-deploy.
ISE Posture Compliance Module
The ISE Posture compliance module contains the list of supported antivirus, antispyware, and firewall for ISE posture. While the
HostScan list organized by vendor, the ISE posture list organizes by product type. When the version number on the headend (ISE or
ASA) is greater than the version on the endpoint, the OPSWAT gets updated. These upgrades are mandatory and happen automatically
without end user intervention.
HostScan list organized by vendor, the ISE posture list organizes by product type. When the version number on the headend (ISE or
ASA) is greater than the version on the endpoint, the OPSWAT gets updated. These upgrades are mandatory and happen automatically
without end user intervention.
The individual files within the library (a zip file) are digitally signed by OPSWAT, Inc., and the library itself is packaged as a single,
self-extracting executable which is code signed by a Cisco certificate. You can view the charts using Microsoft Excel, Microsoft
Excel Viewer, or OpenOffice at this location: .
self-extracting executable which is code signed by a Cisco certificate. You can view the charts using Microsoft Excel, Microsoft
Excel Viewer, or OpenOffice at this location: .
IOS Support of AnyConnect
Cisco supports AnyConnect VPN access to IOS Release 15.1(2)T functioning as the secure gateway; however, IOS Release 15.1(2)T
does not currently support the following AnyConnect features:
does not currently support the following AnyConnect features:
• Post Log-in Always-on VPN
9