Cisco Secure Desktop on FTD

andypowernet85
Level 1

Afternoon,

When browsing to the public IP of the FTD managed by FMC, I am being directed to /CACHE/sdesktop/install/start.html and presented with a Cisco Secure Desktop page. Does anyone know how this can be disabled and why it is being presented?

Regards,


rschlayer
Level 4

Looks like you have AnyConnect VPN enabled, you can disable that portal using FlexConfig: https://bst.cisco.com/bugsearch/bug/CSCvp81746

andypowernet85
Level 1

Thanks, but that would not help if you still wanted to provide access to the web portal to download AnyConnect.

@andypowernet85 please see this bugID: https://bst.cisco.com/bugsearch/bug/CSCwi63184?rfs=qvred

Basically, you need to add a FlexConfig to specify "without-csd" in your tunnel-group (aka connection profile).

Thanks for the info! That would be under both defaultwebvpn and the specific RA connection profile?

@andypowernet85 

If they are exposed via your VPN configuration, yes.

ronnie.shih
Level 1

I am facing this same issue, except we have dynamic access policy for endpoint posture scan enabled. Our security team flagged and hunted after me saying "why are our FTDs showing this Cisco Secure Desktop page?" and is there any way to disable it? I configured a group-url, inserted "without-csd" flag under webvpn along with a keepout message. Cisco Secure Desktop page now does not show, but at the same time, posture scan is no longer happening.

So is there a way to make dynamic access policy with posture scan work without showing the Cisco Secure Desktop page when browsing to the VPN access URL of the FTD?

@ronnie.shih unfortunately, no. Enabling DAP with posture scanning means you will see the CSD page, even though that feature is not in use. I doubt this will ever change since it is mostly a legacy feature and not being actively developed/enhanced.

ronnie.shih
Level 1

Is there such a thing as a new posture scan option in FTD for endpoints vpn-in?  Or is DAP with hostscan package still the only option?

@ronnie.shih nothing specific to FTD - DAP with hostscan continues to be the only option there.

If you offload posture to Cisco ISE, it can handle the function (and much more) as part of the Authorization conditions and associated results.
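
Added example, not part of any reply in this thread: a small audit that reads a saved running-config and lists the connection profiles (tunnel-groups) that still lack `without-csd` under `webvpn-attributes`, which is the setting the replies above point to. It assumes the config is exported as text in ASA-style syntax; the profile names, pool name, peer address and URLs in the sample are constructed, and `DefaultWEBVPNGroup` is assumed to be the default profile the thread calls "defaultwebvpn".

```python
import re

# Constructed sample in ASA/FTD running-config style (not taken from the thread).
SAMPLE_CONFIG = """\
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 without-csd
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 address-pool VPN-POOL
tunnel-group RA-VPN webvpn-attributes
 group-alias RA-VPN enable
 group-url https://vpn.example.com/ra enable
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group CONTRACTORS type remote-access
tunnel-group CONTRACTORS webvpn-attributes
 group-url https://vpn.example.com/contractors enable
 without-csd
"""

# Top-level "tunnel-group NAME type T" or "tunnel-group NAME X-attributes" lines.
HEADER = re.compile(r"^tunnel-group (\S+) (?:type (\S+)|(\S+-attributes))\s*$")

def audit_without_csd(config_text):
    """Return {profile: has_without_csd} for every tunnel-group except site-to-site ones."""
    groups = {}     # name -> {"type": str or None, "without_csd": bool}
    current = None  # (name, section) while inside an attributes block
    for line in config_text.splitlines():
        m = HEADER.match(line)
        if m:
            name, gtype, section = m.groups()
            entry = groups.setdefault(name, {"type": None, "without_csd": False})
            if gtype:
                entry["type"] = gtype
            current = (name, section) if section else None
        elif line.startswith(" ") and current:
            # Only count the keyword when it sits under webvpn-attributes.
            if current[1] == "webvpn-attributes" and line.split()[:1] == ["without-csd"]:
                groups[current[0]]["without_csd"] = True
        else:
            current = None  # any other top-level line ends the block
    return {n: g["without_csd"] for n, g in groups.items() if g["type"] != "ipsec-l2l"}

def profiles_missing_without_csd(config_text):
    """Sorted names of profiles that do not carry without-csd."""
    return sorted(n for n, ok in audit_without_csd(config_text).items() if not ok)

if __name__ == "__main__":
    for name in profiles_missing_without_csd(SAMPLE_CONFIG):
        print(f"{name}: no without-csd under webvpn-attributes")
```

As reported earlier in the thread, a profile that relies on DAP posture scanning stops scanning once `without-csd` is set, so a profile flagged here may be intentionally left as is.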
