
FTD 1000, 2000, 3000, 4000, 9000 series SSL VPN

adamgibs7
Level 6

Hello Experts

I would like to know whether SSL VPN (clientless) is supported on models FTD 1000, 2000, 3000, 4000, 9000, and if so, what version is supported.

 

thanks


Marvin Rhoads
Hall of Fame

Yes for all models. Version 7.0.1 (or later) is recommended for best feature support as features have been added since the initial SSL VPN support was introduced several years ago.

Note if the 4100 series or 9300 series are configured in a cluster, SSL VPN is not supported.

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/firepower_threat_defense_remote_access_vpns.html#Cisco_Reference.dita_17d8deab-d795-47b0-a56b-4a90c15b05c7

Dear Marvin

 

I was asking about clientless SSL VPN; in the config guide it is mentioned that it is still not supported. If the client wants to use SSL clientless VPN, what is the alternative in Firepower Threat Defense?

 

Firepower Management Center Configuration Guide, Version 7.0 - Remote Access VPNs for Firepower Threat Defense [Cisco Firepower Management Center] - Cisco

 

thanks

@adamgibs7 FTD does not now and will not ever support clientless SSL VPN.

Cisco does still support it on ASA software up until software version 9.16. Version 9.17 and later remove clientless SSL VPN support. Reference:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa917/release/notes/asarn917.html#reference_yw3_ngz_vhb

One option is to run an ASA image on a Firepower appliance (or an ASAv VM) in the DMZ with ASA software 9.16 or lower. You will be at a dead end, however, in terms of software support past 9.16.

It is Cisco's position that SASE-type solutions such as Umbrella SIG cloud-delivered firewall with remote browser isolation, Duo Network Gateway, etc. are a better solution for the types of access traditionally provided via clientless SSL VPN. Agree or not, that's how they are deciding to address that market segment.

Dear Marvin

Thanks for the reply. I don't want to get it locked, hence it is a new buy of hardware; the customer wants to expand for 5 to 6 yrs and cloud is not the option for the customer.

 

Regards

Adam

 

Dear Marvin

Does Cisco support SSL VPN (browser-based VPN) on FTD as an equivalent to GlobalProtect VPN, or is it still lacking for the same?

Thanks

@adamgibs7 FTD doesn't and will not support clientless VPN (browser based VPN), the FTD only supports using the AnyConnect Client VPN, using either SSL/TLS or IPSec protocols.

Cisco positions other SASE-type technologies in lieu of clientless SSL VPN. For example, Umbrella Secure Internet Gateway (SIG) with optional remote browser isolation (RBI).

 

rschlayer
Level 4

To add to this, Clientless VPN is getting replaced by Duo Network Gateway https://duo.com/docs/dng

Umbrella Secure Web Gateway using PAC file for browser redirection will send the browser's traffic to the cloud-based Umbrella gateway. From there, you can have IPsec VPN tunnels back to your on-premise resources as required.

https://support.umbrella.com/hc/en-us/articles/360044239672-Connection-Methods-to-Secure-Web-Gateway
