IT | Security

Enable Application Persistence for VPN

Follow the instructions below to ensure that your VPN client stays healthy, up-to-date, and functioning for all your staff, wherever they are.

Why Persist VPN?

VPN tools ensure that your remote employees can access corporate resources and applications securely. This reduces the likelihood of malicious actors intercepting network transmission to take control of your endpoints and access the corporate network.

But VPN tools are susceptible to being disabled or tampered with, harming user productivity and device security across your fleet. Drawing from Absolute’s unique position in the firmware of devices shipped by leading OEMs, Application Persistence automatically self-heals faulty instances of your VPN client across your fleet.

So your employees can be assured that, even if they’re working remotely, they can access essential resources without having to compromise on security.

VPN Self-Healing

With Application Persistence enabled, your VPN client will be able to report on its health status and to automatically remediate itself, with zero action on your part, in cases of non-compliance. Since Absolute is factory-embedded at the firmware level, this self-healing capability remains even if Absolute itself is removed from the device, it is reimaged, or the hard drive is swapped out.

VPN Persistence Configuration

1. Deploy Absolute

If you are a new Absolute customer, you first need to setup your account, activate the agent and verify your devices.

Follow our step-by-step guide to get started.

2. Select Policies Menu

After logging into the Absolute console, click on the “Policies” icon on the left-hand panel of the console.

3. Select Persistence Tab

On the “Policies” page, select the “Persistence” tab.

4. Select the VPN Application

On the “Persistence” tab, select the VPN application of your choice. The three supported through Application Persistence are Cisco AnyConnect, F5 BIG-IP Edge Client and Pulse Connect Secure. The steps below detail the configuration for Cisco AnyConnect as an example. Under the name of the created policy group (in the image below, this is the “Global Policy Group”), select the “Configure” button.

5. Configure VPN Persistence

In the policy configuration page for your VPN application, you have the option of configuring how the VPN client will be persisted. You can select between three modes of persistence: Report Only, Report and repair and Report, Repair and Reinstall.

a) Report Only: Monitors the health of the VPN client across your devices and displays this information through the Application Persistence Report.

b) Report and Repair: In addition to monitoring the health of the VPN client, this mode takes the added step of attempting to repair unhealthy instances of the client. The repair process includes, but is not limited to, repairing corrupt components of the client, and restarting non-functioning services and processes.

c) Report, Repair and Reinstall: Through this selection, Application Persistence downloads the VPN client installer from an external source provided by the user and silently reinstalls the client. The user is required to provide an external URI that hosts the VPN client installer as well as the Hash-256 code for Application Persistence to verify the installer’s components before running it. In case your web server has authentication set up, you would need to provide the appropriate credentials for Application Persistence to access the URI.

NOTE: Across all three modes, you will need to select the version of your deployed VPN application. For version information, view the “System Requirements” section of your VPN’s help page below.

Cisco AnyConnect | F5 BIG-IP Edge Client | Pulse Connect Secure

If any devices within your environment have a version of your VPN client that is higher than the ones supported through Application Persistence, selecting “Report higher versions as compliant” ensures that the higher version remains intact and is listed as being compliant on the Application Persistence report.

6. Activate Policy

After selecting one of the three persistence modes, check the box to accept the Application Persistence Terms and Conditions and click “Save”. On the next window, select “Activate” to enable the persistence of your VPN application.

Application Persistence Reports

You can view detailed information about the health of the your VPN client on devices that have Application Persistence enabled by following the steps below.

1. Select Reports Icon

Select the “Reports” icon on the left-hand pane of the console.

2. Select Application Persistence Report

Select the “Application Persistence” report listed under “Software Assets” to view VPN compliance information across your fleet.

The Application Persistence Report provides information about the current status of your client across your devices as well as detailed information on any repair or reinstall attempts made to remediate corrupted clients.

3. Customize Application Persistence Report

You can modify the report’s columns by selecting the “Edit Columns” option on the “Settings” icon located on the top right hand side of the window. Through this, you can choose to select columns specific to your VPN application by dragging them to the “Include” section of the window, as shown below.

4. Access More Resources

For more information about how to configure Application Persistence or manage policy groups, visit the Application Persistence section of the Learning Hub.

Visit the Help for specific instructions on how to configure Application Persistence for Cisco AnyConnect each application, please visit the Help page for Cisco AnyConnect Secure Mobility Client, F5 BIG-IP Edge Client, or Pulse Secure Connect.

For additional queries about Application Persistence or Absolute, contact Absolute Support.

Visit Absolute Resources to learn more about Absolute’s Endpoint Intelligence, Resilience and Remediation capabilities.

Contact Absolute to learn more about Resilience and our licenses.