Guidelines and Limitations for Secure Client Customizations

Guidelines

  • Ensure that you import the xml file to the object defined as DfltCustomization. When you import the customization object, the Firewall Management Center checks the XML code for validity.

    For example:

    hostname# import webvpn customization DfltCustomization disk0:/csm/defaultcustomizationwebvpn.xml

  • Add the Windows Cisco Secure Client headend deployment package to the remote access VPN policy before deploying customization commands. This package must be included when supporting Windows, MacOS, or Linux clients.

General Limitations

  • If there are any customizations earlier than 7.4 configured directly on the threat defense using the CLI, the management center removes these customizations during deployment.

  • No clustering support.

Limitations for Secure Client Customizations

Customization

Limitations

GUI Text and Message Customizations

  • You must restart Secure Client before you use this customization.

  • No support for right-to-left languages.

  • Some strings are truncated in the GUI due to hardcoded field lengths.

  • Some messages are hardcoded in the client. For example:

    • Status messages (during an update)

    • Untrusted server messages

    • Deferred update messages

  • Localization is version-specific.

    If an Administrator created a translation table based on a template of an old Secure Client version, the new messages do not appear to the remote users. The Administrator must merge the latest template with the translation table so that the table has the new messages. You can use third-party tools like Get text to perform the merge.

Icons and Images Customizations

  • You must restart Secure Client before you use this customization.

  • The customization object names must match the Secure Client GUI filenames. File names are different for each operating system and are case-sensitive. For more information about the filenames, extensions, and sizes for each OS, see the Cisco Secure Client Administrator Guide.

  • Images do not appear properly if the image size is not correct. The management center or the threat defense device does not verify the image size.

  • MacOS does not support customization of Secure Client images and icons.

Deploy Customized Scripts

  • Secure Client runs only one OnConnect and one OnDisconnect script; however, these scripts may launch other scripts.

  • Scripts can only execute functions that the user has the right to invoke.

  • You cannot launch the OnConnect script from the Start Before Logon (SBL) GUI.

Deploy Custom Applications Using Cisco Secure Client APIs (Binaries)

  • After you use this customization, if you deploy an updated version of the Secure Client on the management center, the client will download the update and replace your custom UI.

Customize the Client Installer

  • This customization is available only for Windows.