We have a pair of 2140 FTDs running 6.6.1 that are managed by an FMC running 6.7. We'd like to upgrade the FTDs to later firmware, but can't at the moment. We're in the process of phasing out some ASA 5505's that are running site-to-site VPN tunnels, and unfortunately these older models can't run SHA-2. Until we get these replaced, we can't upgrade to a later software version.

We have a requirement to install AnyConnect ASAP, but there is a high severity vulnerability for the web services on 6.6.1. Until we can install later software, I think we can work around  using control plane ACL on the FTDs and restrict access to AnyConnect to the couple of individuals who need to use the client VPN - we don't want to expose the web services until we're sure the vulnerabilities have been addressed.

Can a control plane ACL be configured via FMC? I've been searching for an answer, but I'm not finding the correct documentation. 

Thank you.