Big Sur and Cisco Anyconnect

NOVELLUS
Contributor

First a warm "hello" to the community πŸ™‚
I hope you're well and stable in this unstable times.

Now my theme, bounded to my hope, that someone can help me to find a solution:

We are using Cisco Anyconnect and our install procedure for macOS Catalina (and Mojave) was working very well. We had created a configuration profile with the needed kernel exceptions and with this configuration profile we installed Cisco Anyconnect "silent".

Big Sur has modifyed security options and these changes are the reason, that the former well working procedure is no more working.

Now the User has to accept some security questions (like "is Cisco Anyconnect allowed to filter the network traffic") and has to enable them in the system settings.

Has anyone found a way to install Cisco Anyconnect without this conditions ?

Thank you very much for answering and

kind regards,

Michael

52 REPLIES 52

jameson
Contributor II

-

mickl089
Contributor II

That canΒ΄t be a solution for the Cisco Support, or am I mistaken? I have a different view of support quality...

jameson
Contributor II

Seems disabling Umbrella also do the trick - even it is not a very good workarround. But simply also cannot understand how Cisco are not up-to-date with their software. They have several month to test new versions comming for Mac and it seems they first test their software after the releases have been made. And now they just point to Apple and say they should fix it in a new version

mickl089
Contributor II

We have the same problems and umbrella is not in use... but apparently this is the trend of developers nowadays. Example: Big Sur was released in the fall of 2020, only in March 2021 was a final compatible version of Sophos Endpoint rolled out, until then Sophos was not running under Big Sur. Sad story if you think about how long the Big Sur beta versions were already available.

jameson
Contributor II

Yes Umbrella removal is also not a workarround. DId some testing where it worked without umbrella - but it is just random as it sometimes can work temporary if you like re-install or restart the client, but later it then fails again.

So really difficult to find an error that is happening random.

jameson
Contributor II

11.5 Beta Big sur also does not solve anything. It worked some hours, but now again I cannot connect to server names

mickl089
Contributor II

Our company is changing from Cisco to Forti, not only because of these errors...

Ditto here as well.   I'm sad the org (merger of 5 companies from last year) that I'm part of is going away from Global Protect.

julesj
New Contributor

@jameson am experiencing same, after Jamf Pro pushes config profile. We can no longer ping out AD FQ'd domain name. Have submitted a support request to Cisco, have spent much time on this as many other Jamfers out there.

rlindenmuth
New Contributor III

I've got AnyConnect running on Big Sur thanks to the tips here, but am having issues reinstalling the app if it's been removed. Has anyone had success reinstalling?

In testing I had a user uninstall AnyConnect and DART using the uninstallers in the Applications folder. We performed the testing needed and then pushed the app back out. Now we are getting the errors in the attached screenshots. There are no system extensions to install, and we did not remove the config profile during the uninstall process, it's all still in place from the initial install. The system extension warning pops-up every 10 seconds or so making the Mac unusable. I can repeat this on other Macs as well.

dcb1359cb43d4b2a922b5ead32ba073f

408603f274384522ad33e8fc9a2ab802

891a94e7d4354e288d460f926c5626d9

NOVELLUS
Contributor

@rlindenmuth Hi,, did you restart after installing and removing the Anyconnect client? As far as I know, a reboot is required for Anyconnect to work.

Maybe this link will help you for removing the client: http://kb.mit.edu/confluence/display/mitcontrib/Cisco+Anyconnect+Manual+uninstall+Mac+OS

rlindenmuth
New Contributor III

We've rebooted and have tried both manual uninstall and uninstall via the app, both with no avail.

bmee
Contributor

Anyone having issue with AnyConnect denying the system from pulling softwareupdate list?
Below are the error message I saw in the console

System Policy: com.cisco.anycon(306) deny(1) system-privilege 10006

Violation:       deny(1) system-privilege 10006

Process:         com.cisco.anycon [306]

Path:            /Library/SystemExtensions/4EBB3FEE-890F-4AA7-9628-1DDAF928C676/com.cisco.anyconnect.macos.acsockext.systemextension/Contents/MacOS/com.cisco.anyconnect.macos.acsockext

Load Address:    0x10eddd000

Identifier:      com.cisco.anyconnect.macos.acsockext

Version:         4.10.03104 (4.10.03104)

Code Type:       x86_64 (Native)