Hello all,
We have a link, https://remote.ourdomain.tld, which is currently getting hammered by login attempts. Since our VPN uses AD, the failed logins are causing AD account lockouts.
We are on Cisco FMC 7.4.2 and the FTD units themselves (FP2140s) are also on 7.4.2 with FX-OS 2.14.1.
I have tried adding a flex config:
webvpn
_keepout "503 Service Unavailable"
and
webvpn
_portal-access-rule 1 deny any
and
webvpn
_no enable Outside
(I put the _ in there to indicate a space, but I have also tried without a space). Whenever I add these FlexConfigs, I get errors:
HOST >> error :
portal-access-rule 1 deny any
^
ERROR: % Invalid input detected at '^' marker.
Config Error -- portal-access-rule 1 deny any
and
HOST >> error :
keepout "503 Service Unavailable"
^
ERROR: % Invalid input detected at '^' marker.
Config Error -- keepout "503 Service Unavailable"
Is there any way to disable JUST the WebVPN access? We still need people to access the VPN, but they all have installed clients on their devices. Or failing that, is there a way to change the landing page URL? Something like https://remote.ourdomain.tld/randomtext would be fine because no one actually uses the WebVPN to get the software. We tried an alias, but the alias just adds the other URL; it does not disable the main page at https://remote.ourdomain.tld.