Disable WebVPN Portal Only

m.santangelo
Level 1

Hello all,

We have a link, https://remote.ourdomain.tld, which is currently getting hammered by login attempts. Since our VPN uses AD, the failed logins are causing AD account lockouts.

We are on Cisco FMC 7.4.2 and the FTD units themselves (FP2140s) are also on 7.4.2 with FX-OS 2.14.1.

I have tried adding a flex config:

webvpn
_keepout "503 Service Unavailable"

and 

webvpn
_portal-access-rule 1 deny any

and

webvpn
_no enable Outside

(I put the _ in there to indicate a space, but I have also tried without a space).  Whenever I add these FlexConfigs, I get errors:

HOST >> error :
portal-access-rule 1 deny any
^
ERROR: % Invalid input detected at '^' marker.
Config Error -- portal-access-rule 1 deny any

and

HOST >> error :
keepout "503 Service Unavailable"
^
ERROR: % Invalid input detected at '^' marker.
Config Error -- keepout "503 Service Unavailable"

 

Is there any way to disable JUST the WebVPN access? We still need people to access the VPN, but they all have installed clients on their devices. Or failing that, is there a way to change the landing page URL? Something like https://remote.ourdomain.tld/randomtext would be fine because no one actually uses the WebVPN to get the software. We tried an alias, but the alias just adds the other URL, not disabling the main page at https://remote.ourdomain.tld.

Accepted Solutions