04-10-2022 07:06 PM - edited 04-10-2022 07:10 PM
Hello Experts
I would like to know whether SSL VPN (clientless) is supported on FTD models 1000, 2000, 3000, 4000, and 9000, and if so, which version is supported.
thanks
04-10-2022 07:26 PM
Yes for all models. Version 7.0.1 (or later) is recommended for best feature support as features have been added since the initial SSL VPN support was introduced several years ago.
Note if the 4100 series or 9300 series are configured in a cluster, SSL VPN is not supported.
04-10-2022 11:45 PM - edited 04-10-2022 11:46 PM
Dear Marvin
I was asking about clientless SSL VPN; the config guide mentions that it is still not supported. If the client wants to use clientless SSL VPN, what is the alternative in Firepower Threat Defense?
thanks
04-11-2022 12:12 AM
@adamgibs7 FTD does not now and will not ever support clientless SSL VPN.
Cisco does still support it on ASA software up until software version 9.16. Version 9.17 and later remove clientless SSL VPN support. Reference:
One option is to run an ASA image on a Firepower appliance (or an ASAv VM) in the DMZ with ASA software 9.16 or lower. You will be at a dead end, however, in terms of software support past 9.16.
It is Cisco's position that SASE-type solutions such as Umbrella SIG cloud-delivered firewall with Remote Browser Isolation, Duo Network Gateway, etc. are a better solution for the types of access traditionally provided via clientless SSL VPN. Agree or not, that's how they are deciding to address that market segment.
04-11-2022 01:13 AM
Dear Marvin
Thanks for the reply. I don't want to get it locked, since it is a new hardware purchase; the customer wants to expand for 5 to 6 years, and cloud is not an option for the customer.
Regards
Adam
11-12-2022 08:06 AM
Dear Marvin
Does Cisco support SSL VPN (browser-based VPN) on FTD as an equivalent to GlobalProtect VPN, or is it still lacking in this respect?
Thanks
11-12-2022 08:13 AM
@adamgibs7 FTD doesn't and will not support clientless VPN (browser based VPN), the FTD only supports using the AnyConnect Client VPN, using either SSL/TLS or IPSec protocols.
11-13-2022 02:15 AM
Cisco positions other SASE-type technologies in lieu of clientless SSL VPN. For example, Umbrella Secure Internet Gateway (SIG) with optional remote browser isolation (RBI).
11-14-2022 01:55 AM
To add to this, Clientless VPN is getting replaced by Duo Network Gateway https://duo.com/docs/dng
11-20-2022 12:10 PM
Dear Marvin
Can you elaborate on which Umbrella service, as per the link below, compares to clientless browser VPN?
11-21-2022 05:16 AM
Umbrella Secure Web Gateway using PAC file for browser redirection will send the browser's traffic to the cloud-based Umbrella gateway. From there, you can have IPsec VPN tunnels back to your on-premise resources as required.
https://support.umbrella.com/hc/en-us/articles/360044239672-Connection-Methods-to-Secure-Web-Gateway