04-17-2024 03:36 AM - edited 04-17-2024 03:57 AM
Hello,
On Cisco FPR version 7.2.5, is it possible to set a group lock for a local user that connects to the local network over AnyConnect?
I want to set up AnyConnect access in our network, where we have several group policies, but we cannot find a way to lock a local user to a particular group policy.
04-17-2024 04:40 AM
I believe this feature is still not natively supported in the GUI:
CSCvz10754 ENH: RAVPN(FMC): Option to add attributes for Local user
You can try to use FlexConfig to generate the same CLI on FTD as on ASA to lock users:
username <name> attributes
 group-lock value <tunnel-group>
04-17-2024 05:50 AM
Hi,
I tried, and it is unsupported.
04-17-2024 07:13 AM
This feature depends on the user being local in the FTD database.
Do you use AD? What connection profile do you use? Can you share screenshots of the auth server page?
MHM
04-17-2024 12:23 PM - edited 04-17-2024 12:24 PM
Thank you for your response. I want to use a local user, the same as Cisco ASA, which has that feature.
I have that user in the local DB. It is so strange that it is not accepted.
> show running-config username
username zsanjin password ***** encrypted
Thank you
04-18-2024 01:50 AM
Interesting, because the "username" command doesn't seem to be part of the blacklisted commands on FlexConfig. Does the error show you anything if you try to scroll down using the little arrows? Also, did you try without adding any spaces on the "group-lock" line?
04-18-2024 03:36 AM
Hello,
Thank you very much for your response.
I tried to add the username and password only, and it shows unsupported.
05-22-2024 03:08 AM
Hi guys,
Any luck with the group-lock thing for local user?
Thanks.
05-23-2024 01:49 AM
Hello,
It is not possible for now. The workaround is to use profiles and Group URL... but it is not the best solution, or AD integration, which supports Group Mapping.