Cisco Cisco AnyConnect Secure Mobility Client v4.x Release Notes
Hostname Option Added to Static Exception in Profile Editor
You can exclude or include endpoint traffic from Cisco Cloud Web Security Scanning using AnyConnect's
Web Security profile editor. With Cisco AnyConnect Secure Mobility Client release 4.3.02039 or later, you
can now add hostnames, besides just IP addresses, to exclude from scanning. In the Static Exception field of
the profile editor, determine what hostname to exclude from scanning, and Web Security will not forward
that HTTP/HTTPS traffic to the Cloud Web Security Proxy for inspection. If you have multiple hostnames
with the same IP address but only one of the hostnames is configured in the Static Exceptions list, Web Security
exempts the traffic.
Web Security profile editor. With Cisco AnyConnect Secure Mobility Client release 4.3.02039 or later, you
can now add hostnames, besides just IP addresses, to exclude from scanning. In the Static Exception field of
the profile editor, determine what hostname to exclude from scanning, and Web Security will not forward
that HTTP/HTTPS traffic to the Cloud Web Security Proxy for inspection. If you have multiple hostnames
with the same IP address but only one of the hostnames is configured in the Static Exceptions list, Web Security
exempts the traffic.
If you want to exempt any browser traffic via proxy server, you must list those hostnames in Host Exceptions,
so that they are not forwarded. You cannot only configure static exceptions for traffic flowing through proxies
not listed in the Proxy Exception list.
so that they are not forwarded. You cannot only configure static exceptions for traffic flowing through proxies
not listed in the Proxy Exception list.
New Features in AnyConnect 4.3.01095
AnyConnect 4.3.01095 is a maintenance release that introduces the Cisco Umbrella Roaming Security module
and resolves the defects described in
and resolves the defects described in
AnyConnect 4.3.01095, on page 33
.
The Umbrella Roaming Security module requires a subscription to either Cisco Umbrella Roaming service
or OpenDNS Umbrella services (Professional, Insights, Platform, or MSP). Cisco Umbrella Roaming provides
DNS-layer security when no VPN is active, whereas OpenDNS Umbrella subscriptions add Intelligent Proxy
and IP-Layer Enforcement features, both on- and off-network. Additionally, OpenDNS Umbrella subscriptions
provide content filtering, multiple policies, robust reporting, active directory integration, and much more. The
same Umbrella Roaming Security module is used regardless of the subscription.
or OpenDNS Umbrella services (Professional, Insights, Platform, or MSP). Cisco Umbrella Roaming provides
DNS-layer security when no VPN is active, whereas OpenDNS Umbrella subscriptions add Intelligent Proxy
and IP-Layer Enforcement features, both on- and off-network. Additionally, OpenDNS Umbrella subscriptions
provide content filtering, multiple policies, robust reporting, active directory integration, and much more. The
same Umbrella Roaming Security module is used regardless of the subscription.
The Umbrella Roaming module profile (OrgInfo.json) associates each deployment with the corresponding
service, and the corresponding protection features are enabled automatically.
service, and the corresponding protection features are enabled automatically.
The Umbrella Dashboard provides real-time visibility into all of the Internet activity originating from the
Roaming Security module. The level of granularity in policies and reports depends on the Umbrella subscription.
Roaming Security module. The level of granularity in policies and reports depends on the Umbrella subscription.
Refer to
for a detailed comparison
of which features are included in which service level subscriptions.
Interoperability Using Both Umbrella Roaming Security and Web Security
To get full functionality when using both the Umbrella Roaming Security and Web Security module, you
must configure the host exclusion and exclude static exceptions defined in the Web Security chapter:
must configure the host exclusion and exclude static exceptions defined in the Web Security chapter:
. Otherwise, the DNS protection could
be completely bypassed.
New Features in AnyConnect 4.3.00748
AnyConnect 4.3.00748 is a major release that includes the following features and enhancements and that
resolves the defects described in
resolves the defects described in
AnyConnect 4.3.00748, on page 34
.
• In Network Visibility Module (NVM), adjustments to the rate at which data is sent from the cache to
the collector.
• Customization of the NVM timer so that an administrator can define when Cisco nvzFlow exports the
data.
Release Notes for Cisco AnyConnect Secure Mobility Client, Release 4.3
4
Release Notes for AnyConnect Secure Mobility Client, Release 4.3
New Features in AnyConnect 4.3.01095