07-10-2020 03:22 AM
Hello everybody.
Is there AnyConnect Start Before Logon on Firepower 1140 devices managed by FMC?
07-10-2020 04:01 AM
Hi Kapydan88,
I agree with Rob's reply, the FTD does not work the same way the ASA does for the modules deployment.
However, as a solution for this, the SBL’s module which is named “vpngina” can be enabled on the FTD/FMC by using FlexConfig.
See the following link under “Configure AnyConnect Modules and Profiles Using FlexConfig”:
Rate if it helps.
Regards,
Josue Brenes
TAC - VPN Engineer.
07-10-2020 03:35 AM - edited 07-10-2020 03:42 AM
Hi,
If you pre-deploy the GINA module and AnyConnect profile using your software management solution (such as SCCM) to the client computer, SBL will work when connecting to an FTD.
FTD/FMC just doesn't support the deployment of the SBL module, as the ASA currently does.
HTH
07-10-2020 04:10 AM
Yes, I couldn't find any info about this feature for Firepower 1140 - only for ASA.
To get GINA, I need to download the predeploy archive for Windows, unpack it and select the necessary file?
07-10-2020 04:14 AM
07-10-2020 04:48 AM
If I understood correctly, I need to use the next chapter - "Configure AnyConnect Modules and Profiles Using FlexConfig".
And if I want to add only the GINA module, I need to add the next config in FlexConfig for each of the policies?
webvpn
group-policy <GP_NAME> attributes
webvpn
anyconnect modules value vpngina
07-10-2020 05:07 AM
That is correct.
Rate if it helps.
Regards,
Josue Brenes
TAC - VPN Engineer.
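An added example, not part of the original thread: with several group policies on the device, this sketch reads group-policy configuration text and emits the group-policy lines of a FlexConfig for every policy that still lacks `vpngina`. The policy names and `SAMPLE_CONFIG` are constructed, and the merge step assumes `anyconnect modules value` sets the whole comma-separated list, so modules already enabled are carried over.

```python
import re

# Constructed sample of group-policy configuration (not taken from the thread).
SAMPLE_CONFIG = """\
group-policy GP_STAFF internal
group-policy GP_STAFF attributes
 vpn-tunnel-protocol ssl-client
 webvpn
  anyconnect modules value dart
group-policy GP_ADMINS internal
group-policy GP_ADMINS attributes
 webvpn
  anyconnect modules value dart,vpngina
group-policy GP_VENDORS internal
group-policy GP_VENDORS attributes
 vpn-tunnel-protocol ssl-client
"""

def modules_by_policy(config):
    """Map each group-policy name to its list of AnyConnect modules."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"group-policy (\S+) attributes\s*$", line)
        if m:
            current = m.group(1)
            policies[current] = []
        elif line and not line.startswith(" "):
            current = None  # an unindented line ends the attributes block
        elif current:
            m = re.match(r"\s+anyconnect modules value (\S+)", line)
            if m:
                policies[current] = m.group(1).split(",")
    return policies

def flexconfig_for_sbl(config, module="vpngina"):
    """Return FlexConfig lines that add `module` to policies missing it."""
    out = []
    for name, mods in modules_by_policy(config).items():
        if module in mods:
            continue  # SBL module already enabled for this policy
        # Assumption: the command replaces the list, so keep existing modules.
        out += [f"group-policy {name} attributes",
                " webvpn",
                f"  anyconnect modules value {','.join(mods + [module])}"]
    return "\n".join(out)

if __name__ == "__main__":
    print(flexconfig_for_sbl(SAMPLE_CONFIG))
```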
07-10-2020 05:14 AM
But how does this feature work with the LDAP attribute map? Because several access groups are configured on this device for remote connection.
07-10-2020 08:06 AM
Actually, it has nothing to do with the LDAP attribute mapping.
The link I shared just contains some advanced FMC deployments, where the LDAP mapping is one of them, but it's completely unrelated to the AnyConnect Modules section.
Rate if it helps.
Regards,
Josue Brenes
TAC - VPN Engineer.