Re: Firepower SSO for multiple connection profiles

MauryJ · ‎07-12-2024

Hi all,

We've been using Duo Firepower SSO with our ASA/FTD to protect our AnyConnect/Secure Client users and it's been working well.

However, we have a need to give VPN access to a couple of vendors, and we traditionally create custom VPN profiles for them to use, in order to restrict network access. Would we be able to create multiple protected applications in Duo for Firepower SSO, with each setup to protect different connection profiles?

Thanks

ccieexpert · ‎07-16-2024

Please take a look at this as this was done with ASA, but i think something similar should work on FTD:

https://community.cisco.com/t5/security-knowledge-base/anyconnect-vpn-saml-sso-with-azure-idp-multi-tunnel-groups/ta-p/4563095

Also you can make it work without multiple connection profiles either by using authorization of the same user via local ldap or radius server that can push down a group policy that is different based on the AD group.

https://www.wiresandwi.fi/blog/asa-vpn-saml-authentication-some-tips-and-tricks

MHM Cisco World · ‎07-21-2024

Are this issue solved ?

MHM

Firepower SSO for multiple connection profiles

Catalyst 9800 HA SSO 障害時の機器交換(Active機障害)

【原创】Firepower 6.3 新特性介绍: Multiple Instance

Visão geral do modelo de configuração Catalyst 9800 - Tags e Profiles

Catalyst 9800 HA SSO 障害時の機器交換(Standby機障害)

Firepower System and FTD: Bug Trend (2024年)