Overview of VPN Client Upgrade

SecoClient is a VPN client software used with the FW to provide secure and convenient access services for mobile users to remotely access enterprise network resources. The SecoClient integrates SSL VPN, L2TP VPN, and L2TP over IPSec VPN access technologies and can meet the VPN access requirements in different scenarios.

After the administrator uploads the latest SecoClient version to the FW, mobile users can download the latest SecoClient software from the virtual gateway page when they access the FW virtual gateway.

Two methods are available for mobile users to access the enterprise network over SSL VPN tunnels. One is to use the SecoClient software, and the other is to use a browser. The SSL VPN client is a browser. If a browser is used for the access, the installation package of the management program and the certificate filtering plug-in of the browser may expose some vulnerabilities as time eclipses. To fix the vulnerabilities and improve access security, you need to patch the plug-ins.

This section describes how to load the SSL VPN client patch on the FW to upgrade browser plug-ins. When a mobile user accesses the virtual gateway from a browser, the virtual gateway automatically upgrades the plug-ins installed on the browser. Loading the new SSL VPN client patch file automatically uninstalls the existing patch file.

The name of the SSL VPN client patch file must be clientpatchmain. If an SSL VPN client patch file with the same name already exists on the FW, the existing file is automatically deleted.

SSL VPN client patches have four states: Idle, Activated, Deactivated, and Running. Patches in activated state are rolled back to the deactivated state after system restart, whereas patches in running state recover after system reset and still take effect.

Figure 1 shows the patch status change diagram.