How to disable webvpn from FMC?

eeebbunee
Level 1

Hello Experts,

 

Can you tell me how I can disable webvpn from FMC?

I still found 'webvpn enabled' in my Firepower configuration after I deleted the Remote Access VPN.

 

Can anyone tell me how to configure to 'no webvpn enable'?

 

Accepted Solution

Udupi Krishna.
Cisco Employee

Webvpn is used by anyconnect and disabling it will stop clients from connecting to the firewall. If that's what you are intending to do, webvpn can be disabled via flex config.

1. Add a new FlexConfig object with the parameters below.

webvpn

portal-access-rule 1 deny any

2. If there's an existing FlexConfig policy attached to the FTD, add this new user-defined object to it.

3. Save and deploy the policy.

 

There's an enhancement request created to add the functionality to disable webvpn via the FMC GUI - CSCvp81746

4 Replies

AminRamadan
Level 1

I got the following when I tried to shut down portal login by using FlexConfig:

Lina messages
FMC >> no strong-encryption-disable
FMC >> no dp-tcp-proxy
FMC >> policy-map global_policy
FMC >> class class-default
FMC >> exit
FMC >> vpn-addr-assign local reuse-delay 0
FMC >> crypto isakmp nat-traversal
FMC >> webvpn
FMC >> portal-access-rule 1 deny any
fw-vpn >> error :
portal-access-rule 1 deny any
^
ERROR: % Invalid input detected at '^' marker.
Config Error -- portal-access-rule 1 deny any

 

Plus, I got the same result when I tried:

webvpn
keepout "NO SSL service available"
fw-vpn >> error :
keepout "NO SSL service available"
^
ERROR: % Invalid input detected at '^' marker.

 

Clientless SSL VPN is deprecated in all versions of FTD (and in ASA from 9.17 onwards). Thus, the command to set an access rule for the webvpn portal no longer exists. You can simply remove the FlexConfig object.

ejgreco
Level 1

Found the solution in a LinkedIn post. Just tested this in our lab (FTD/FMC 7.4.2.1). FlexConfig is the right option, but the correct config is:

webvpn
keepout "<insert-text-for-browser>"

For the "insert text" portion, I just used 503: Service Unavailable. With the number of DDoS attacks (brute force/password sprays) VPNs are experiencing, I would just stick with standard HTTP error messages.
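After deploying either FlexConfig variant (the accepted solution's object or the keepout form in this reply), a practitioner wants a repeatable check that the portal is actually closed on the deployed device rather than trusting the FMC deploy status. The script below is an added example, not from this thread, from Cisco, or from FMC/FTD: it parses a saved capture of `show running-config webvpn` from the FTD CLI, records which interfaces still carry `enable <interface>` in the top-level `webvpn` block, and reports whether a `keepout` message is present. The two sample configs and the function names (`parse_webvpn`, `assess_webvpn`) are constructed for the example; the nested `webvpn` sub-block under `group-policy` is skipped deliberately, because only the top-level block controls portal exposure.

```python
"""Audit a 'show running-config webvpn' capture after a FlexConfig deploy.

Hypothetical helper (not part of FMC or FTD). The sample captures below are
constructed to resemble ASA/FTD running-config syntax.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class WebvpnState:
    enabled_on: List[str] = field(default_factory=list)  # interfaces with 'enable <ifname>'
    anyconnect: bool = False                             # 'anyconnect enable' seen
    keepout: Optional[str] = None                        # text of 'keepout "..."', if any


def parse_webvpn(config_text: str) -> WebvpnState:
    """Extract portal-relevant settings from the top-level 'webvpn' block only."""
    state = WebvpnState()
    in_block = False
    for raw in config_text.splitlines():
        line = raw.rstrip()
        # Only an unindented 'webvpn' is the global block; the indented one under
        # 'group-policy ... attributes' is per-policy and is ignored here.
        if line == "webvpn":
            in_block = True
            continue
        if in_block and line and not line.startswith(" "):
            in_block = False  # next top-level command ends the block
        if not in_block or not line.strip():
            continue
        cmd = line.strip()
        m = re.fullmatch(r"enable (\S+)", cmd)
        if m:
            state.enabled_on.append(m.group(1))
            continue
        if cmd == "anyconnect enable":
            state.anyconnect = True
            continue
        m = re.fullmatch(r'keepout "(.*)"', cmd)
        if m:
            state.keepout = m.group(1)
    return state


def assess_webvpn(state: WebvpnState) -> Tuple[str, str]:
    """Return (severity, message): the portal is exposed when webvpn is enabled
    on an interface and no keepout message closes the login page."""
    if not state.enabled_on:
        return ("ok", "webvpn not enabled on any interface")
    ifaces = ", ".join(state.enabled_on)
    if state.keepout is not None:
        return ("ok", f"portal closed with keepout on {ifaces}")
    return ("warn", f"webvpn portal exposed on {ifaces} with no keepout")


# Constructed sample: state before the FlexConfig deploy (portal login reachable).
BEFORE_DEPLOY = """\
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-placeholder.pkg 1
 anyconnect enable
 tunnel-group-list enable
group-policy DfltGrpPolicy attributes
 webvpn
  anyconnect ssl dtls enable
"""

# Constructed sample: state after deploying the keepout FlexConfig object.
AFTER_DEPLOY = BEFORE_DEPLOY.replace(
    " tunnel-group-list enable\n",
    ' tunnel-group-list enable\n keepout "503: Service Unavailable"\n',
)


if __name__ == "__main__":
    for label, capture in (("before", BEFORE_DEPLOY), ("after", AFTER_DEPLOY)):
        severity, message = assess_webvpn(parse_webvpn(capture))
        print(f"{label}: [{severity}] {message}")
```

Feed it the output of `show running-config webvpn` saved from the FTD CLI after each deploy; a `warn` result after the deploy means the FlexConfig object was not applied to the top-level block, which is what AminRamadan's `Config Error` output above would have produced.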
