cancel
Showing results for 
Search instead for 
Did you mean: 

Patch Management in 8.1?

Frequent Contributor

Patch Management in 8.1?

I'm not sure I understand the new patch management funtionality in 8.1. The admin guide says there is a seperate license required but our SE says there isn't. I can create a HC policy and choose "Windows Update" or "Windows Automatic Update" but there's no choice of which patcehs to check for or any other details. And even though Windows update says I'm all up to date  I fail the HC policy. Is it just checking that Windows update is enabled? Does anyone have any other details?

The 8.1 admin guide  describes downloading a list of the latest patches from the Pulse Secure staging site but I don't see anywhere to do that.

 

 

Thanks

3 REPLIES
Regular Contributor

Re: Patch Management in 8.1?

The new feature in 8.1 (Patch Management) is different from the old one (Patch Assessment). The new feature will only verify if the endpoint complies with a customer's Patch Management Policies. The patch management server and client are both independent components not tied to the SSL VPN gateway in any way except for the interop/compatability between the host checker client and the patch management client installed on client machine.  

 

The new feature is similar to the predefined AV rule functionality where Host Checker client will query the pre-installed 3rd party Patch Management client software. 

 

You can select the Patch Management product from drop down when configuring a Predefined Patch Management Policy in Admin UI. Currently there are 7 different Patch Management products/versions to select from.

 

As and when interop with new products are available they will be packaged into the ESAP package and released (similar to the current predefined Anti-Virus checks feature)

 

Unlike the old Patch Assessment feature, no additional license is required for this feature. 

Contributor

Re: Patch Management in 8.1?

I know this is an old thread but i'm running into patch management issues after upgrading to 8.1.3. My test client is using a WSUS connector to pull patches from our WSUS server. The server only offers critical, important, and moderate patches.

The client is fully patches based on what is available to it from the WSUS server. However, it is failing for patch compliance. I have the HC policy set to query WUA 7.x. Is there something I'm missing?

Highlighted
Regular Contributor

Re: Patch Management in 8.1?

If the client is updated and if it still fails compalince checks it sounds like a bug. Is this a day one issue or did it break after upgrade to 8.1R3? 

 

Can you report to Pulse Secure support? They will proabbly needs logs from the latest ESAP diag tool @ 

 

https://www.juniper.net/support/downloads/?p=esap#sw