Question about SSL-VPN Client 1.3.0

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Question about SSL-VPN Client 1.3.0

Not applicable

I noticed there is a new version of the SSL VPN clinet version 1.3.0

Trying to find documenatation on it

when I click on the release notes in software manager it mentions PAN OS 4.02

is this a 4.02 ONLY release of the client

are there any bug fixes or improvement in the client?

Need a reason to up-grade to 4.0.2 but the issues with 4.0.1 have left me gun shy

4 REPLIES 4

L4 Transporter

The 1.3.0 client is backward compatible with previous iteration of the PANOS, changes and improvements are documented in the release notes and can be accessed via this portal in the software updates section

~Phil

Regarding the SSL-VPN Client 1.3.0, if I were to download and activate this on the PA firewall, will users that have the existing 1.2.0 client be subjected to downloading and installing the client upon their next VPN login?  Since users do not have admin rights to install an application, what will happen when they try to log in when the new client has been activated?

Also, is there a way that the SSL-VPN client can be remotely (and silently) installed on users' computer?  This will certainly make things more convenient for both the users and the administrator if the client can be installed without interrupting the users at work.  Users are using a mix of Win7 and WinXP Pro.

If the SSL VPN client is already installed an upgrade will not require Admin privileges.  A new install does require Admin rights to the machine.

To silently deploy the client you could push out the msi package using Group Policy.  See the following KP article for information on extracting the msi.

https://live.paloaltonetworks.com/docs/DOC-1206

Cheers,

Kelly

Thank you for your input.  Unfortunately, I was not able to successfully pull this "upgrade" off.  I suspect that users will require some degree of heightened privileges, as non-admin users were having issues, but admin users (e.g. myself) did not have any issues installing/using the VPN. 

I'll submit a case to PAN support, but here's what is happening:

1) SSL VPN Client 1.3.0 is downloaded/activated on the firewall.

2) A non-admin user attempts to log into the VPN.

3) User is prompted to update the VPN software.

4) During update, user experiences a session hang and does not complete the VPN logon.

5) User attempts to log in again to the VPN, but is not able to.  User experiences the an error message indicating that the "NetConnect service is not running.  Please restart it."

6) After investigating the issue, I find that, while the "NetConnect Installer" component seems to install fine, the "NetConnect" component itself is now listed twice in the Add/Remove Programs.  This tells me that both the old and new versions of the NetConnect Installer still reside on the computer.  The result is the user not able to log into the VPN, either due to a conflict of the two versions or an incomplete uninstallation of the old version.

The only way that I was able to fix this issue was to do a local manual uninstall both the NetConnect Installer and the NetConnect components and local manual reinstall of the VPN client. There definitely needs to be a better way of deploying this software to users.  FYI, Group Policy installation of the software does not work properly either.

  • 2985 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!