Showing results for 
Search instead for 
Did you mean: 

Deploy and manage Cisco AnyConnect clients on macOS

Rising Star III
Rising Star III


If you need to deploy/manage Cisco AnyConnect clients on macOS: you can find a great script here written by @Fulgubbe - which is working as expected for me. It just tweaked the XML for the profile a bit to my own needs. As an example, I bumped the AuthenticationTimeout to 60 seconds so that the users are able to respond to the Push-MFA. (How to use Push-MFA with RADIUS -> here and here)





<AnyConnectProfile xmlns="">





Besides the deployment of the AnyConnect Client and the profile, it's recommended to configure the SystemExtension within a MDM-Policy
I configured the policy based on this guidance by Cisco for macOS 11:

Property Value
Team Identifier DE8Y96K9QP
Bundle Identifier
System Extension Type NetworkExtension


Property Value
AutoFilerEnabled false
FilterBrowsers false
FilterSockets true
FilterPackets false
FilterGrade firewall
FilterDataProviderDesignatedRequirement anchor apple generic and identifier
and (certificate
/* exists */ or certificate
1[field.1.2.840.113635.] /*
exists */ and certificate
/* exists */ and certificate
leaf[subject.OU] = DE8Y96K9QP)
UserDefinedName Cisco AnyConnect Content Filter

Screenshot 2022-12-08 at 16.53.59.pngScreenshot 2022-12-08 at 16.54.23.png

Post deploying the client & profile via Command and enforcing the policy, I have configured and ready-to-use AnyConnect-VPN.
Screenshot 2022-12-08 at 17.04.43.png

You Might Like

New to the site? Take a look at these additional resources:

Community created scripts:

Our new Radical Admin blog:

Keep up with Product News:

Read our community guidelines

Ready to join us? You can register here.