Alternative for for webvpn

abraham-F · ‎09-30-2024

Hello All,

My organization recently migrated from the ASA firewall to the Cisco FTD. I noticed from my little research that the webvpn was discontinued in cisco FTD. I somehow still believe cisco would have created some work around or something and maybe I am not looking in the right direction. Can someone help direct me to any resource that can help me achieve webvpn on cisco FTD with/without cisco ISE.

Thanks

MHM Cisco World · ‎09-30-2024

Why you looking for orher ra vpn other than anyconnect?

Note:-Webvpn is called now secure client

MHM

Rob Ingram · ‎09-30-2024

@abraham-F if running FTD 7.4 and managed by FMC you can use ZTNA which provides Clientless Zero Trust Access for Applications, similar to the old functionality of Clientless Webvpn on the ASA. Else the original suggestion by Cisco when Clientless was depreciated was to use Duo Network gateway.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/740/management-center-device-config-74/ztap.html?bookSearch=true

abraham-F · ‎09-30-2024

@Rob Ingram, thanks for this. Unfortunately, I don't think we are currently subscribed to the ZTNA license. But this points me in a good direction as far as going the Cisco route is concerned.

Rob Ingram · ‎09-30-2024

@abraham-F for ZTNA you would need the basic Essentials (Base) License that comes with the FTD, a IPS/Threat License needed only if using Intrusion or Malware Policy (optional). Obviously you'd need the FMC licensing too.