10-15-2018 11:50 AM - edited 02-21-2020 09:29 PM
Wondering where to put the pre-login messages with AnyConnect and FTD. Using FMC to manage - I can create a profile with the standalone editor and attach to the group policy, but that doesn't give me the ability that the ASDM did with AnyConnect customization / localization. Either the pre-connect message or the "copyright text" I think it was called. Just someplace I can put the silly 'Unauthorized attempted access is prohibited' before they auth.
10-15-2018 12:48 PM
Should be under the Group-Policy edit section. Picture below:
10-15-2018 08:17 PM
The message Rahul referred to is the banner - it pops up post-authentication during the process of logging in.
If you want to change the text in AnyConnect's initial logon window, you cannot currently do that with FTD.
AnyConnect Customization and Localization support. The FTD device does not configure or deploy the files necessary to configure AnyConnect for these capabilities.
Reference:
10-16-2018 07:25 AM
I have the post-auth banner configured, but yes, I was hoping for a pre-auth warning or modify the login box.
Thanks for pointing that line out Marvin. I must have missed it when I skimmed that doc before looking for the limitations. Anyone know if this is on the roadmap? We have some odd requirements from outside agencies, one of which is to have that warning verbiage before logon.
10-16-2018 07:35 AM
Cisco seldom announces roadmap specifics publicly. I know some enhancements are expected in 6.3 but can't say whether or not that will be among them.
I for one have given them repeated feedback that the lack of feature parity between SSL VPN on FTD vs. ASA is a barrier to adoption and source of frustration for many customers.
10-23-2023 10:02 AM
Earlier we had ASA 5525 and I configured pre-connect message there (which was same as banner which Rahul mentioned). Now we have migrated this configuration on FTD 3130 but our users still see same pre-connect message. So, seems somehow it has been migrated from ASA to FTD and FTD has it somewhere in its configuration. But not sure where is this.
10-23-2023 10:12 AM
@rajivkumar01092021 can you explain more specifically what pre-connect banner you see? There is a banner that you see during login but it comes after the user credentials are entered and accepted.
11-06-2023 07:51 AM
Hi Marvin, sorry for the late reply. We actually see two banners. The 2nd is the one which you mentioned: "There is a banner that you see during login but it comes after the user credentials are entered and accepted."
But there is another one which pops up when the user selects the URL from the drop-down and clicks on connect; then this banner is shown. (It was configured on ASA by me before migration to FTD and it has the same content as the second banner shown.)
It is shown only on the first connection after a Windows laptop reboot, or if AnyConnect is completely exited and restarted, then when the user connects it will be shown. On subsequent connections it is not shown.
11-06-2023 08:56 AM - edited 11-06-2023 08:57 AM
Ah yes - I have seen that first pre-connect message myself. It started showing up with Secure Client 5 if I recall correctly.
I believe it is the message the Admin guide refers to here: https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/Cisco-Secure-Client-5/admin/guide/b-cisco-secure-client-admin-guide-5-0/anyconnect-profile-editor.html?bookSearch=true#ID-1430-0000006c
I believe it shows up mistakenly on clients even though that box isn't selected, but I have not done an in-depth look to prove that.
11-08-2023 06:49 AM
Hi Marvin, it was coming in AnyConnect 4.10 (with FTD headend). Now I upgraded to Cisco Secure Client 5.0.04050 and it is still present.
02-08-2024 11:49 AM
@rajivkumar01092021 this has been bugging me and I got a chance to inquire directly to Aaron Woland at Cisco Live EMEA this week.
He explained that the startup of Secure Client / AnyConnect looks across ALL your profiles (not just the one you might be actively using) and if any of them have the pre-connect option selected for an SBL VPN profile, it will appear on your client. I researched mine and sure enough found one that I seldom use had the option selected.
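An added example, not part of the thread and not Cisco code, for the behaviour described in the post above: it lists which profile XML files in a client's profile directory have the pre-connect option turned on, so a seldom-used profile that triggers the message can be found. The element name `ShowPreConnectMessage`, the namespace and the sample profiles are assumptions constructed for illustration; check them against a profile exported from your own profile editor.

```python
import sys
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: the profile editor's pre-connect option is stored in the
# profile XML as <ShowPreConnectMessage>true|false</ShowPreConnectMessage>.
OPTION = "ShowPreConnectMessage"

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def preconnect_enabled(xml_text):
    """True if any OPTION element in one profile is set to 'true'."""
    root = ET.fromstring(xml_text)
    return any(local(el.tag) == OPTION and (el.text or "").strip().lower() == "true"
               for el in root.iter())

def scan_profiles(profile_dir):
    """Return {filename: True/False/None}; None marks an unparseable profile."""
    results = {}
    for path in sorted(Path(profile_dir).glob("*.xml")):
        try:
            results[path.name] = preconnect_enabled(path.read_text(encoding="utf-8-sig"))
        except (ET.ParseError, OSError, UnicodeDecodeError):
            results[path.name] = None
    return results

# Constructed sample profile (not taken from any real deployment).
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <ShowPreConnectMessage>{value}</ShowPreConnectMessage>
  </ClientInitialization>
</AnyConnectProfile>"""

def demo():
    """Scan a temp directory holding an active, a rarely used and a broken profile."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "active.xml").write_text(SAMPLE.format(value="false"), encoding="utf-8")
        Path(d, "rarely_used.xml").write_text(SAMPLE.format(value="true"), encoding="utf-8")
        Path(d, "broken.xml").write_text("<AnyConnectProfile>", encoding="utf-8")
        return scan_profiles(d)

if __name__ == "__main__":
    # Pass the client's profile directory as the first argument, or run the demo.
    found = scan_profiles(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for name, flag in found.items():
        print(f"{name}: {'unreadable' if flag is None else 'pre-connect ON' if flag else 'off'}")
```

Run it with the client's VPN profile directory as the only argument; with no argument it scans the constructed samples.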