
Cisco AnyConnect | AMP, Umbrella & Multiple Groups

muneeb.ali07
Level 1

Greetings,

The environment is running the FMCv with ASA-5506-X backed by Cisco ISE. I have seen public Cisco pages for features but couldn't find much on the following:

  1. Multiple groups in the AnyConnect client. Is it possible to segregate the users into groups and permissions based on their groups in the AD?
  2. Integration of AMP for Endpoints with Cisco AnyConnect. Based on the group segregation, only specific users should synchronize with AMP for Endpoints.
  3. Integration of Umbrella with Cisco AnyConnect. Although it seems feasible and there is public documentation available for the ASA, in the case of FTD there's limited support for it. Is it possible, or is an integration available, for this use case?

ISE version 2.4

FMCv version 6.4.0.9

FTD version 6.4.0.9

 

1 Reply

Hi @muneeb.ali07 

I assume you want to authorise the users when connecting to a VPN using AnyConnect? If you are using ISE, you would create different authorisation rules using AD groups as conditions. E.g.

 

[Screenshot attachment: 3.PNG]

 

What kind of integration of AnyConnect and Umbrella are you looking for? There is the AnyConnect Umbrella module, which is integrated into the AnyConnect client; running ASA/FTD makes no difference to AnyConnect. If off-site and not connected to the VPN tunnel, DNS requests would go direct to Umbrella. If on the tunnel, then the DNS requests are tunneled to the internal DNS server.