01-28-2019 02:30 AM
hello
anyone already configured vpngina SBL with cisco FTD/FMC 6.2.3 ?
i cannot find option "optional client module to load" or svc modules value vpngina in FMC GUI
Anyone managed to get it work ?
using AAA userlogin/pwd ? client certificate ? client certificate + AAA ?
using FMC/FTD 6.2.3 and anyconnect 4.6
thanks
guillaume.
Solved! Go to Solution.
08-06-2020 11:06 AM
Firepower 6.7 will have full support of all the AnyConnect modules built into the GUI.
01-28-2019 09:39 AM
Only the base VPN module is currently supported for installation and associated profile push via FTD remote access VPN.
This is true even with the current latest release 6.3:
07-18-2019 07:49 AM
Hello friends,
So, theres no way to set it on FMC?
Best,
Emerson Albuquerque
07-18-2019 08:23 AM
@emerson.albuquerque1 that remains the case as of the current release (Firepower 6.4.0.2).
05-14-2020 01:03 PM
Only the base VPN module is currently supported for installation and associated profile push via FTD remote access VPN.
HI. Just to clarify, if I pre-deploy the GINA module to my clients, will Start Before Logon work? The limitations you are referring to are for deploying AnyConnect and related modules from the FTD WEB VPN page, right?
05-14-2020 01:10 PM
Hi @cfitzgerald
Yes, if you pre-deploy the GINA module and AnyConnect profile to the client computer, SBL will work when connecting to an FTD. FTD just doesn't support the deployment of the SBL module, as the ASA currently does.
HTH
08-06-2020 10:29 AM
My experience is that the lack of controlling which AnyConnect "modules" get web-deployed via the FTD (compared to the ASA web-deploy) is worse than that.
I have had issues where:
* Client has older version of AnyConnect installed (let's say 4.5).
* This includes version 4.5 of Core, DART and vpngina (SBL).
* They connect to the FTD.
* The FTD tries to download and upgrade their "Core" module from 4.5 to whatever it has (let's say 4.8).
* The upgrade FAILS because it doesn't know how to upgrade SBL (vpngina) from 4.5 to 4.8.
* This leaves the client with a non-functional AnyConnect setup (i.e. core not installed any more).
Conversely, if they connect to one of my ASA's instead of the FTD, and do the same thing - everything upgrades in-place just fine.
Cisco really needs to fix this, it's yet another reason why the FTD/FMC system just isn't a complete replacement for the older ASA line of products. Too many weird little things like this- IMH(f)O.
08-06-2020 11:06 AM
Firepower 6.7 will have full support of all the AnyConnect modules built into the GUI.
08-06-2020 12:34 PM
Really? What's your source?
08-06-2020 09:41 PM - edited 08-06-2020 09:43 PM
@gilbert.aispuro1 my source is hearing it directly from Cisco at Cisco Live Europe earlier this year.
Also I have the beta installed and see it as shown below:
08-08-2020 12:02 AM
What!! SWEET!
SOOOOOOO, how do I get that? Not seeing it in Software Downloads in Cisco. :)
08-08-2020 04:58 AM
@gilbert.aispuro1 "Firepower 6.7 will have" = future tense. It's still in beta. We expect it to be released in September or October this year.
08-08-2020 11:11 AM
Good to know and thanks!
09-25-2020 07:03 AM
Marvin - Im using FDM to configure my FTD, would it be the same on FDM?
09-25-2020 11:23 PM
@chong00011 I don't beelive they have it quite as finished for an FDM-managed FTD device in 6.7.
You can use the FTD API to upload module profiles used with AnyConnect, such as AMP Enabler, ISE Posture, or Umbrella. You must create these profiles using the offline profile editors that you can install from the AnyConnect profile editor package.
Cisco added the anyConnectModuleType attribute to the AnyConnectClientProfile model. Although you can initially create AnyConnect Client Profile objects that use module profiles, you will still need to use the API to modify the objects created in FDM to specify the correct module type.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide