The SSL VPN client comes as an EXE download and isn’t upgradable by end users unless they have local administrator rights. Below is my PowerShell script which I run on my computers with GPO as a Computer Startup Script. It checks the version of the installed VPN client, checks the WatchGuard website to see if there’s a newer version available, and if so, downloads and silently installs it. The URL in the $url variable is the client for M4800 and M5800 series Fireboxes. Adjust for your firewalls if necessary. I hope you find this useful.
Edit: You can add /norestart to the Start-Process line to avoid unexpected reboot after installation.
# Start logging
$logFile = "$env:TEMP\VPN-upgrade.txt"
Start-Transcript -Path $logFile
# This variable stores the path to the installed VPN client executable file.
$exePath = "C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnc.exe"
# This variable stores the URL of the web page where the latest VPN client can be downloaded.
$url = "https://software.watchguard.com/SoftwareDownloads?current=true&familyId=a2R0H000000rTKjUAM"
Write-Host "Temp folder is $env:TEMP"
# If the executable file exists at the specified path, proceed with the following steps.
if (Test-Path $exePath) {
# Get the file version of the installed VPN client with commas and spaces
$fileVersionString = (Get-Item $exePath).VersionInfo.FileVersion
# Replace commas and spaces in the version string with dots to standardize the format.
$formattedVersionString = $fileVersionString -replace ", ", "."
# Convert the formatted version string to a [Version] type object for comparison.
$installedVersion = [Version]$formattedVersionString
# Output the installed version to the console.
Write-Output "Found installed version $installedVersion"
# Use Invoke-WebRequest to get the content of the web page
$response = Invoke-WebRequest -UseBasicParsing -Uri $url
# Use a regular expression to find the download link for the VPN client executable in the web page content.
$regexLink = "(https.*?WG-MVPN-SSL_.*?\.exe)"
$matchLink = [regex]::Match($response.Content, $regexLink)
# Use a regular expression to find the latest version number of the VPN client in the web page content.
$regexVersion = "Mobile VPN with SSL (\d+\.\d+\.*\d*) for Windows"
$matchVersion = [regex]::Match($response.Content, $regexVersion)
# If both the download link and version number are found in the HTML, store them and output the latest version number.
if ($matchLink.Success -and $matchVersion.Success) {
$downloadUrl = $matchLink.Groups.Value.Item(1)
$latestversion = $matchVersion.Groups.Value.Item(1)
Write-Output "Latest available version number: $latestversion"
Write-Output "Download link for latest VPN client: $downloadUrl"
} else {
Write-Output "There was an error reading the web page"
}
# Compare the installed file version with the latest available version
if ($installedVersion -lt $latestVersion) {
Write-Output "The VPN Client is out of date and the new one will be installed now."
# Define the download file path
$outputFile = "$env:TEMP\WG-MVPN-SSL_$latestversion.exe"
# Download the file
Invoke-WebRequest -UseBasicParsing -Uri $downloadUrl -OutFile $outputFile
Write-Output "File downloaded to: $outputFile"
# Run the installer
write-output "Running the installer now"
Start-Process $outputFile -ArgumentList "/silent /verysilent" -Wait
} else {
Write-Output "The installed version is up to date."
}
# If the executable file does not exist at the specified path, output a message indicating this.
} else {
Write-Output "The Watchguard Mobile VPN with SSL Client is not installed."
}
# Stop logging
Stop-Transcript