Requirements and Prerequisites for Secure Client Management VPN Tunnel

Software and Configuration Requirements

Ensure that you have the following before you configure the Secure Client Management tunnel on using the threat defense using the management center web interface:

• Ensure that you are using threat defense and management center versions 6.7.0 or above.

• Download the Secure ClientSecure Client VPN Webdeploy package 4.7 or above and upload it to threat defense remote access VPN.

• Ensure that the certificate authentication is configured in the connection profile.

• Ensure that no banner is configured in the group policy.

• Check the split tunneling configuration in the management tunnel-group policy.

Certificate Requirements

• Threat Defense must have a valid identity certificate for remote access VPN and the root certificate from the local certifying authority (CA) must be present on the threat defense.

• Endpoints connecting to the management VPN tunnel must have a valid identity certificate.

• CA certificate for threat defense's identity certificate must be installed on the endpoints and the CA certificate for the endpoints must be installed on the threat defense.

• The identity certificate issued by the same local CA must be present in the Machine store.

  Certificate Store (For Windows) and/or in System Keychain (For macOS).