Cisco Defense Orchestrator

Upload AnyConnect Software Packages to Firepower Threat Defense Devices

You can upload AnyConnect software packages to Firepower Threat Defense (FTD) devices using the Firepower Device Manager (FDM) API explorer. At least one AnyConnect software package must be present on the device before you can create an RA VPN connection.

The procedure applies only to FTD version 6.4 and later. 

Procedure

  1. Download the AnyConnect packages from https://software.cisco.com/download/home/283000185
    • Make sure you accept the EULA and have K9 (encrypted image) privileges.
    • Select the "AnyConnect Headend Deployment Package" package for your operating system. The package name will be similar to "anyconnect-win-4.7.04056-webdeploy-k9.pkg". There are separate headend Web Deploy packages for Windows, macOS, and Linux.
  2. Using a browser, open the home page of the system. For example, https://ftd.example.com.

  3. Log into Firepower Device Manager.

  4. Edit the URL to point to /#/api-explorer, for example, https://ftd.example.com/#/api-explorer 

  5. Scroll down and click Upload > /action/uploaddiskfile.

  6. In the fileToUpload field, click Choose File and select the required AnyConnect package.
    You can upload the packages one at a time.

  7. Click Open.
  8. Scroll down and click TRY IT OUT!.
    Wait until the package uploads completely.
    In the Response Body, the API response appears in the following format.

{
    "version": null,
    "name": "691f47e1-90c7-11e9-a361-79e2452f0c57.pkg",
    "fileName": "691f47e1-90c7-11e9-a361-79e2452f0c57.pkg",
    "id": "691f47e1-90c7-11e9-a361-79e2452f0c57.pkg",
    "type": "fileuploadstatus",
    "links": {
        "self": "https://ftd.example.com:972/api/fdm/...90d111e9-a361-cf32937ce0df.pkg"
    }
}

 

Record the fileName of the package from the response as you must enter the same string when performing the POST operation. In this example, the fileName is 691f47e1-90c7-11e9-a361-79e2452f0c57.pkg.

  9. Scroll up near the top of the Firepower Threat Defense REST API page and click AnyConnectPackageFile > POST /object/anyconnectpackagefiles.
    Perform a POST operation to the API, providing the temporarily staged diskFileName and the OS type of the package file in the payload. This action creates the AnyConnect package file.
  10. In the body field, enter the package details in the following format only:

    {
        "platformType": "WINDOWS",
        "diskFileName": "691f47e1-90c7-11e9-a361-79e2452f0c57.pkg",
        "type": "anyconnectpackagefile",
        "name": "AnyConnectWindowsBGL"
    }

    1. In the platformType field, enter the OS platform as WINDOWS, MACOS, or LINUX.

    2. In the diskFileName field, enter the fileName that you recorded after uploading the disk file.

    3. In the name field, enter a name that you want for the package.

    4. Click TRY IT OUT!.

    In the Response Body field, the API response appears in the following format after a successful POST operation.

    {
        "version": "ni7xeneslft3p",
        "name": "AnyConnectWindowsBGL",
        "description": null,
        "diskFileName": "41d592e3-90ca-11e9-a361-6d05320a165d.pkg",
        "md5Checksum": "9bbe53dcf92e515d3ce5423048212488",
        "platformType": "WINDOWS",
        "id": "c9c9dfe3-9cd8-11e9-a361-23534f081c43",
        "type": "anyconnectpackagefile",
        "links": {
            "self": "https://ftd.example.com:972...1-cf32937ce0df"
        }
    }

The AnyConnect package is created on FDM.

  11. Click AnyConnectPackageFile > GET /object/anyconnectpackagefiles > TRY IT OUT!.
    The Response Body shows all AnyConnect package files. 
    A sample response is shown below.

{
  "items": [
    {
      "version": "la4nwceqk2sg4",
      "name": "AnyConnectWindowsBGL",
      "description": null,
      "diskFileName": "82f1e362-9cd8-11e9-a361-9758ba07962d.pkg",
      "md5Checksum": "9bbe53dcf92e515d3ce5423048212488",
      "platformType": "WINDOWS",
      "id": "c9c9dfe3-9cd8-11e9-a361-23534f081c43",
      "type": "anyconnectpackagefile",
      "links": {
        "self": "https://ftd.example.com:972...1-23534f081c43"
      }
    }
  ],

  12. Upload other AnyConnect packages for each OS type. Repeat steps 4 to 10.
  13. Edit the URL to point to the web page, for example, https://ftd.example.com
  14. Click the Deploy Changes icon in the upper right of the web page.
    The icon is highlighted with a dot when there are undeployed changes.
  15. If you are satisfied with the changes, you can click Deploy Now to start the job immediately.
    The window will show that the deployment is in progress. You can close the window, or wait for the deployment to complete.
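
A check on the hand-offs between the upload, POST, and GET responses shown above, as an added example that is not part of the original Cisco procedure: it builds the POST body from the uploaddiskfile response instead of retyping fileName, and compares the md5Checksum the device reports with the MD5 of the local package. The function names and the sample bytes are assumptions made for illustration, and no FDM API call is made.

```python
import hashlib
import io

PLATFORMS = {"WINDOWS", "MACOS", "LINUX"}  # platformType values the procedure lists


def build_package_payload(upload_response, platform_type, name):
    """Build the POST /object/anyconnectpackagefiles body from the
    /action/uploaddiskfile response, so fileName is never retyped by hand."""
    if upload_response.get("type") != "fileuploadstatus":
        raise ValueError("not an uploaddiskfile response")
    if platform_type not in PLATFORMS:
        raise ValueError("platformType must be one of %s" % sorted(PLATFORMS))
    return {
        "platformType": platform_type,
        "diskFileName": upload_response["fileName"],
        "type": "anyconnectpackagefile",
        "name": name,
    }


def md5_of_stream(stream, chunk_size=1 << 20):
    """Hash a binary stream in chunks, so a large .pkg is never held in memory."""
    digest = hashlib.md5()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def mismatched_packages(items, local_md5_by_name):
    """Return names from a GET /object/anyconnectpackagefiles 'items' list whose
    md5Checksum is unknown locally or differs from the file meant to be uploaded.
    MD5 catches truncated or swapped uploads; it is not a signature check."""
    bad = []
    for item in items:
        expected = local_md5_by_name.get(item["name"])
        reported = (item.get("md5Checksum") or "").lower()
        if expected is None or expected.lower() != reported:
            bad.append(item["name"])
    return bad


if __name__ == "__main__":
    pkg = io.BytesIO(b"constructed stand-in for a .pkg file")  # constructed sample
    upload = {"type": "fileuploadstatus",
              "fileName": "691f47e1-90c7-11e9-a361-79e2452f0c57.pkg"}
    body = build_package_payload(upload, "WINDOWS", "AnyConnectWindowsBGL")
    listing = [dict(body, md5Checksum=md5_of_stream(pkg))]
    print(body, mismatched_packages(listing, {"AnyConnectWindowsBGL": "0" * 32}))
```

In real use, open the downloaded package with open(path, "rb") and pass the file object to md5_of_stream before comparing against the device's response.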

Note: To delete a package from the FTD device, click AnyConnectPackageFile > Delete. In the objID field, type the package id and click TRY IT OUT!.

To complete a VPN connection, your users must install the AnyConnect client software on their workstation. For more information, see How Users Can Install the AnyConnect Client Software. 
