02-25-2021 05:20 AM
I have A & B groups of RA-VPN with Firepower using FDM.
Right now, an A user can log in to both the A & B groups.
I want A users to be able to log in only to the A group and B users only to the B group.
How can I do this?
Lastly, I set up the secondary identity source and I use the common password,
but it still uses the primary password to log in.
What does the common password mean?
02-25-2021 09:35 AM - edited 02-26-2021 04:39 AM
That's a good question, I have this problem too. I started using a VPN without logs to protect my privacy, and it works well. Now I have no issues at all and have access to any blocked content. That's convy.
02-27-2021 08:15 AM
Hello ~
02-28-2021 10:31 PM
If you are using local authentication for group A and B, then users (since they are part of the same local database) will be able to access both groups on FTD.
What you can do is have the users connect to specific URLs to access resources. i.e. For A user, they could connect to group-url of https://1.1.1.1/Finance, and B user could connect to group-url of https://1.1.1.1/Sales. Again, this doesn't stop users from accessing the other group on FTD.
Regarding common password,
"Select Common Password to use the same password for every user, then enter that password in the Common Password field."
The rationale is to have another password that is common to all the users configured on FDM. As you observed, you will still get a prompt for a secondary password and users will need to enter that password.
Thank you,
Dinesh Moudgil
P.S. Please rate helpful posts.
03-01-2021 12:51 AM
Adding to what @Dinesh Moudgil correctly described, if you use remote authentication you can restrict access of users on a per group basis. With local authentication on FTD this is not possible as of the current release 6.7.