I have been messing around with some VPN AuthN and AuthZ using Cisco ISE and Microsoft NPS as RADIUS Token vs RADIUS External server. I've noticed that since I switched to this Token or External sequence, I no longer see any events in the RADIUS live...
We just purchased an additional 200 AnyConnect Plus licenses to go with the previous 25 we had before. I went into our Smart Account and converted the PAK to a SmartLicense, and then refreshed the Smart License in the FMC. However, I just can't figure...
I have a need to import large lists of IP address ranges for services from Microsoft, Zoom, WebEx, etc, so I can build rules around them. Is there any way to do this in FMC? I've read a little about the FirePower Migration Tool, but I don't have an A...
Hello all. I have a few AnyConnect VPN clients that are complaining about slow performance in certain apps. I'm pretty sure the issue is caused by the user's ISP service latency (70 ms) to my FTD, combined with some older, noisy apps (Lotus Notes). Ho...
I have been tasked with integrating AzureAD Cloud Multi-Factor Authentication (MFA) with our AnyConnect VPN authentication process. Please note we only have FTD OS firewalls. Guidance for this scenario on FTD OS does not seem to exist. The AzureAD MFA...
One thing I will add here is that NPS has a limitation where it does not return any RADIUS attributes to the VPN client under certain MFA scenarios. We need to assign different AnyConnect Group Policies to different users, and this requires returning...
Yes, I was hopeful that FTD 6.7 would simplify our infrastructure with direct SAML support for VPN Auth. However, I have heard that AnyConnect does not support SAML for "Start Before Login". SBL is important for us, so we are going to have to keep NP...
@sysnet_striver Cisco ISE is not free. It is a licensed product and runs on its own separate server(s). You don't need ISE to integrate with Azure MFA. ISE is a RADIUS server, just like Microsoft's NPS server role. You will need an on-prem NPS server ...