03-06-2020 08:57 AM
I tried to create an ACL configured with source zone and destination zone both outside, with my public IP as the source IP and action deny, but once applied, I can still access the VPN sign-in page. Is there a way to block access to remote VPN from specific IPs?
Thank you!
03-06-2020 09:04 AM
If this is Firepower, a Geo-based ACL is possible; if this is ASA (I am afraid, as far as I am concerned, it is available on ASA code).
03-06-2020 09:09 AM
Yes, it's an FTD firewall managed by FMC running the latest 6.5 code. I'm trying to research and perhaps it needs to be a control panel access control instead of the typical ACL rule? Not sure how or if a control panel ACL can be configured with FMC/FTD?
03-06-2020 09:22 AM
Hi,
Use flexconfig to deploy a control-plane AC; if it doesn't work, open a TAC case and mention this bug: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn78593/?rfs=iqvred
Regards,
Cristian Matei.
11-18-2020 01:43 AM
Hello,
Could you give us some hint how the flexconfig configuration should be?
Regards,
Konstantinos
03-06-2020 09:33 AM
Here is the guide for Geo location based rules for reference:
https://networkdirection.net/articles/firewalls/firepowermanagementcentre/fmcaccesscontrolpolicies/
03-06-2020 09:36 AM
I'm using geo ACL rules elsewhere and it works fine. I just can't restrict access to the VPN landing page, which is hosted from the firewall outside interface.
03-06-2020 09:40 AM
Try the flexconfig @Cristian Matei suggested, if that is feasible for you.
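
For reference, an added example (not posted by anyone in this thread and not Cisco's published configuration) of the ASA-style commands a control-plane ACL amounts to. Ordinary access control rules filter traffic passing through the firewall, while the VPN portal terminates on the firewall's own outside interface, so the ACL has to be bound with the `control-plane` keyword. The interface name `outside`, the ACL name `CP-VPN-BLOCK` and both addresses (documentation ranges) are assumptions.

```text
! Constructed example. Names and addresses are placeholders, not values from the thread.
!   203.0.113.25  = source address to be blocked
!   198.51.100.1  = the firewall's own outside interface address

! Deny the blocked source from reaching the VPN portal on the box itself
! (TLS on tcp/443, DTLS on udp/443)
access-list CP-VPN-BLOCK extended deny tcp host 203.0.113.25 host 198.51.100.1 eq 443
access-list CP-VPN-BLOCK extended deny udp host 203.0.113.25 host 198.51.100.1 eq 443

! Explicit permit so all other to-the-box traffic is left unchanged
access-list CP-VPN-BLOCK extended permit ip any any

! Bind the ACL to traffic destined to the firewall, not traffic through it
access-group CP-VPN-BLOCK in interface outside control-plane

! Checks after deployment: the binding is present, and the deny lines
! accumulate hits when the blocked source tries the sign-in page
show running-config access-group
show access-list CP-VPN-BLOCK
```

If the deny entries show no hits while the sign-in page still loads from the blocked address, the ACL is not being applied to to-the-box traffic, which is the situation the TAC case and bug reference above are for.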