Wednesday, April 1, 2020

Firepower Rant - AnyConnect SAML

I am slowly regretting my boss's decision to move all of our ASAs over to FTD code and then lifecycle them with the 2130s. As you are all probably aware, AnyConnect is severely limited on FTD. I did manage to get the Umbrella Connector working on AnyConnect via a FlexConfig. I am now trying to get SAML deployed on the AnyConnect policy, again via FlexConfig. The problem I have is getting the IdP signing certificate added to the device. I'm wondering whether anyone has successfully gotten it integrated even though it is not supported. I'm trying to avoid having to buy more Cisco firewalls just for VPN access.

PS: We could use RADIUS, but we are implementing MFA, and over RADIUS that requires the user to type the authentication method at the end of their password, which is an absolutely terrible user experience.
