11-18-2021 11:11 AM
We have a pair of 2140 FTDs running 6.6.1 that are managed by an FMC running 6.7. We'd like to upgrade the FTDs to later firmware, but can't at the moment. We're in the process of phasing out some ASA 5505s that are running site-to-site VPN tunnels, and unfortunately these older models can't run SHA-2. Until we get these replaced, we can't upgrade to a later software version.
We have a requirement to install AnyConnect ASAP, but there is a high severity vulnerability for the web services on 6.6.1. Until we can install later software, I think we can work around it using a control plane ACL on the FTDs and restrict access to AnyConnect to the couple of individuals who need to use the client VPN - we don't want to expose the web services until we're sure the vulnerabilities have been addressed.
Can a control plane ACL be configured via FMC? I've been searching for an answer, but I'm not finding the correct documentation.
Thank you.
11-18-2021 11:22 AM
Hi @ABaker94985, no, not natively in the FMC GUI, but you can use FlexConfig to configure a control plane ACL.
https://integratingit.wordpress.com/2021/06/26/ftd-control-plane-acl/
11-18-2021 11:31 AM
That's exactly what I was needing! I greatly appreciate the info.