Distributing the Remote Access Clients from the Gateway

Follow these steps to automatically upgrade the Remote Access client when users connect to the Security Gateway.

Step 1: Create backup copies of the applicable files

  1. Connect to the command line on the Security Gateway / each Cluster Member.

  2. Log in to the Expert mode.

  3. Create backup copies of these files:

    1. cp -v $FWDIR/conf/extender/CSHELL/TRAC.cab{,_BKP}

    2. cp -v $FWDIR/conf/extender/CSHELL/trac_ver.txt{,_BKP}

Step 2: Download the Remote Access Clients Automatic Upgrade file for your release

  1. Go to sk117536 - Endpoint Security Home Page and navigate to the Client Releases Information section.

  2. Identify your installed client version and click the row corresponding to your version.

  3. In the Release Home page section, open the mentioned SK and navigate to the Standalone Client Downloads section.

  4. From the Remote Access VPN Clients (Automatic Upgrade file) section, download the *.CAB file and rename it from *.CAB file to: TRAC.cab.

  5. On your system:

    1. Open the downloaded TRAC.cab file.

    2. Open the ver.ini file.

    3. Copy the build number and save it.

Step 3: Configure the Security Gateway / each Cluster Member

  1. Transfer the downloaded TRAC.cab file to the Security Gateway / each Cluster Member to some directory (for example, /var/log/).

  2. On the Security Gateway / each Cluster Member, assign the required permissions to the TRAC.cab file:

    chmod -v 775 /var/log/TRAC.cab

  3. On the Security Gateway / each Cluster Member, copy the TRAC.cab file to the required directory:

    cp -v /var/log/TRAC.cab $FWDIR/conf/extender/CSHELL/

  4. On the Security Gateway / each Cluster Member, change the build number in the trac_ver.txt file:

    1. Edit the file:

      vi $FWDIR/conf/extender/CSHELL/trac_ver.txt

    2. Change the current build number to the build number you saw in the ver.ini file.

    3. Save the changes in the file and exit the editor.

Step 4: Configure the client upgrade mode

  1. Connect with SmartConsole to the Management Server that manages the Security Gateway / Cluster.

  2. In SmartConsole, click the Menu button > Global properties.

  3. From the left tree, click Remote Access > Endpoint Connect.

  4. In the section Client upgrade mode, select the applicable option:

    • Ask user (end-users must confirm the client upgrade)

    • Always upgrade (automatic client upgrade without asking end-users)

  5. Click OK.

Step 5: In SmartConsole, install the policy on the Security Gateway / Cluster