Secure ra-vpn with MFA on FDM

haroungh (Level 1)

I'm working on securing RA-VPN (AnyConnect) on Cisco Firepower Device Manager (FDM), not FMC, and would like to understand its compatibility with Multi-Factor Authentication (MFA) solutions.

  • Which MFA solutions integrate seamlessly with FDM? Does it support the Office 365 MFA solution?
  • Any specific configurations or challenges to be aware of?
  • Best practices for implementing MFA with FDM?
  • Is it possible to integrate it with ISE?

Your expertise and recommendations would be greatly appreciated.

Feel free to share your thoughts in the comments or message me directly.

#Anyconnect #CiscoFDM #MFA #NetworkSecurity

Accepted Solution

@haroungh the Azure MFA link provided is for FDM: "Configure RAVPN with SAML Authentication Using Azure as IdP on FTD Managed by FDM". The other link is the FDM admin guide.

Your screenshot is referencing features introduced in 6.4; the current version is 7.6. SAML authentication has been available since 6.4.

FDM supports SAML for RAVPN authentication, so if the other MFA solutions use SAML then I would expect it to work. Or if the solution, e.g. FortiAuthenticator, supports RADIUS authentication, then you can also set the FDM authentication to use RADIUS for MFA.


3 Replies

@haroungh

Cisco has a guide to integrate FDM with Cisco Duo, which would be Cisco's recommended MFA solution - https://duo.com/docs/cisco-firepower

Do you mean Azure MFA? Cisco also has an integration guide https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221659-configure-ravpn-with-saml-authentication.html

You can also easily integrate FDM RAVPN with any RADIUS server, including ISE - https://www.cisco.com/c/en/us/td/docs/security/firepower/740/fdm/fptd-fdm-config-guide-740/fptd-fdm-ravpn.html

When you do integrate MFA with FDM, the default timeout is too low to allow the user enough time to enter the second-factor authentication, so you should increase the timeout to 60 seconds (Cisco recommended).

Ideally, using FMC (on premises or in the cloud with cdFMC) would be recommended, as FDM supports fewer features.
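The timeout advice above is the part of this thread that bites in practice, so here is an added example (not code from the thread, from Cisco, or from any MFA vendor) that models the RADIUS leg of the flow with nothing but the Python standard library: the FTD side builds an RFC 2865 Access-Request (User-Name plus the MD5-hidden User-Password) and waits for the reply, while a mock "MFA RADIUS server" on localhost checks the password, sleeps for the time a user takes to approve a push, and then returns Access-Accept or Access-Reject with a proper Response Authenticator. The shared secret, user, push-approval delay and the two client timeouts are all constructed demo values. The point it makes is the one Rob makes: if the firewall's RADIUS timeout is shorter than the push-approval delay, the firewall gives up and the login fails even though the MFA server later answers Accept; with a timeout of 60 seconds the same exchange succeeds.

```python
import hashlib
import os
import socket
import struct
import threading
import time

# Constructed demo values; none of these come from the forum thread.
SECRET = b"constructed-demo-secret"
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: pad to 16n bytes, XOR each block with MD5(secret + previous block)."""
    padded = password + b"\x00" * ((16 - len(password) % 16) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def unhide_password(hidden, secret, authenticator):
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(ident, username, password, secret):
    """Firewall side: Access-Request with a fresh random Request Authenticator."""
    authenticator = os.urandom(16)
    attrs = b""
    for typ, val in ((ATTR_USER_NAME, username),
                     (ATTR_USER_PASSWORD, hide_password(password, secret, authenticator))):
        attrs += struct.pack("!BB", typ, 2 + len(val)) + val  # length covers type+len bytes
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs, authenticator


def parse_attrs(data):
    attrs, i = {}, 0
    while i + 2 <= len(data):
        typ, ln = data[i], data[i + 1]
        if ln < 2:
            break  # malformed attribute; stop rather than loop forever
        attrs[typ] = data[i + 2:i + ln]
        i += ln
    return attrs


def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def mock_mfa_radius_server(sock, approve_delay, expected_password):
    """MFA server side: verify the first factor, wait for the 'push approval', then answer."""
    data, addr = sock.recvfrom(4096)
    _code, ident, length = struct.unpack("!BBH", data[:4])
    req_auth, attrs = data[4:20], parse_attrs(data[20:length])
    first_factor_ok = unhide_password(attrs.get(ATTR_USER_PASSWORD, b""), SECRET, req_auth) == expected_password
    time.sleep(approve_delay)  # user is approving the push on their phone
    code = ACCESS_ACCEPT if first_factor_ok else ACCESS_REJECT
    sock.sendto(struct.pack("!BBH", code, ident, 20) + response_authenticator(code, ident, b"", req_auth, SECRET), addr)
    sock.close()


def authenticate(username, password, approve_delay, client_timeout, server_password=None):
    """One Access-Request against the mock server; returns 'accept', 'reject', 'timeout' or 'bad-authenticator'."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))
    threading.Thread(target=mock_mfa_radius_server,
                     args=(server, approve_delay, password if server_password is None else server_password),
                     daemon=True).start()
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(client_timeout)  # this is the knob the thread says to raise to 60 s
    ident = 7
    req, req_auth = build_access_request(ident, username, password, SECRET)
    client.sendto(req, server.getsockname())
    try:
        data, _ = client.recvfrom(4096)
    except socket.timeout:
        return "timeout"  # firewall gives up; the MFA server's later Accept is never read
    finally:
        client.close()
    code, rid, length = struct.unpack("!BBH", data[:4])
    if rid != ident or data[4:20] != response_authenticator(code, rid, data[20:length], req_auth, SECRET):
        return "bad-authenticator"  # reply not keyed with our secret/request; discard
    return "accept" if code == ACCESS_ACCEPT else "reject"


if __name__ == "__main__":
    # Push approval takes 1.5 s here; the real-world equivalent is tens of seconds.
    print("short timeout:", authenticate(b"alice", b"correct-pw", 1.5, 0.5))  # timeout
    print("60 s timeout :", authenticate(b"alice", b"correct-pw", 1.5, 60))   # accept
    print("bad password :", authenticate(b"alice", b"wrong-pw", 0, 60, b"correct-pw"))  # reject
```

The mock server deliberately answers after the client has already timed out in the first run, so you can see that the "failure" is entirely on the firewall side: nothing about the credentials or the MFA server changed between the first and second run, only the timeout. The authenticator check at the end is the other thing worth keeping in mind when you put a RADIUS MFA server behind FDM: a reply that does not validate against the shared secret and the original Request Authenticator should be dropped, not treated as a rejection.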


haroungh (Level 1)

Hi Rob,

Thanks for your answers.

The link you shared is for FMC, not FDM.

As per the link below, FDM supports only Duo and RSA for MFA. What about FortiAuthenticator and other MFA solutions?

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/roadmap/device-manager-new-features-by-release.html#new-features-fdm-740


Regards
