This article describes how to control the auto upgrade or downgrade of the Secure Access Client when connecting to an Access Gateway Enterprise Edition appliance.

Each time the Virtual Private Network (VPN) client (Secure Access Client) connects to the logon point of Access Gateway Enterprise Edition appliance, the version information is exchanged. This ensures that updates to the appliance firmware are automatically sent to each client. In certain scenarios, such as when troubleshooting an issue with technical support, there might arise a need to temporarily disable the auto-update functionality to isolate the issue.

Instructions

Note: With Mac OS X client, it is possible to prevent older Mac OS X (10.5/10.6) clients from being forced to upgrade to newer client. It is not supported by using rewrites because Mac OS X VPN client 2.1.2 and later, are not supported on older Mac OS X versions.

1. Add rewrite action MacVersionChange replace_http_res "\"2.0.0 (100)\"".

2. Add rewrite policy MacVersionChange "HTTP.REQ.URL.CONTAINS(\"macversion.txt\") && HTTP.REQ.HEADER(\"User-Agent\").CONTAINS(\"Mac OS X 10_6\")" MacVersionChange.

3. Bind rewrite global MacVersionChange 100 END -type RES_DEFAULT.

There is no equivalent of the EnableAutoUpdate setting on Mac OS X. For assistance, contact Citrix Technical Support.

Caution! The registry change and disabling Auto-update may affect important functionality. Disable Auto-update only when is absolutely necessary and always for a limited period of time. Running a production environment with Auto-update disabled is untested and therefore not supported. For more information, contact Citrix Technical Support. Refer to the Disclaimer at the end of this article before using Registry Editor.

To change the auto upgrade or downgrade, set the value to 0 (zero) in the following registry setting:
HKLM\Software\Citrix\Secure Access Client\EnableAutoUpdate to '0'.
If you set this value to 0 (zero), then the Secure Access Client does not update automatically.