06-30-2021 12:29 PM
Dear colleagues,
I hope you are doing well. I am having some difficulty activating the (start before logon) feature, and I hope someone can help me with that.
I have two ASA Cisco Firepower Threat Defense units on ASA5516-X, Threat Defense V 6.4.0.7, in HA mode, managed by Firewall Management Center. What I need is the configuration steps to activate the (start before logon) feature.
Thanks in advance.
06-30-2021 12:37 PM
What exactly is the problem you are having?
Here is the guide to deploy SBL
With FTD 6.4 you cannot deploy SBL modules from the FTD (like you can with ASA), this feature is available from FTD 6.7+.
You will need to pre-deploy the SBL profile configuration and module manually to the laptops.
06-30-2021 01:19 PM
Thanks for your fast response.
I will try to configure it manually and give you feedback.
Thanks a lot
07-04-2021 08:48 AM
I hope you are in good health,
I tried to configure it from Windows, but the same error appears again. Please find the attached file:
It's required by our company.
B.R,
Sami Napoleon
07-04-2021 09:00 AM
07-04-2021 09:02 AM
Which certificate? Did you mean the cert related to the ASA, which is self-signed?
Or what did you mean? And how do I make it trusted?
B.R,
07-04-2021 09:10 AM
@sami.poles the certificate on the ASA needs to be trusted by the computer connecting to the VPN.
Normally you'd have a certificate installed on the ASA that is signed by a public CA, such as Verisign or GoDaddy. Most computers have the CA's root certificate installed, so they will trust the connection and no errors are received.
If you are using a self-signed certificate on the ASA, then no computer will trust that by default. You need to export that certificate and install it on each computer, so you no longer receive a warning.
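The trust check and install step described in the reply above, as an added PowerShell example (not part of the original posts and not Cisco tooling). The function names, the `vpn.example.test` name and the throwaway demo certificate are assumptions made for illustration.

```powershell
# Added example. Function names and vpn.example.test are hypothetical.
function Test-VpnCertTrust {
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    # Only the trust path matters here, so skip CRL/OCSP lookups (keeps the check offline).
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Cert)
    [pscustomobject]@{
        Subject    = $Cert.Subject
        Thumbprint = $Cert.Thumbprint
        SelfSigned = ($Cert.Subject -eq $Cert.Issuer)
        NotAfter   = $Cert.NotAfter
        Trusted    = $trusted
        Status     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
    }
}

function Install-VpnCertTrust {
    param([Parameter(Mandatory)][string]$Path,
          [Parameter(Mandatory)][string]$ExpectedThumbprint)
    $full = (Resolve-Path $Path).Path
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full)
    # Refuse to trust a file whose thumbprint differs from the one read off the firewall.
    if ($cert.Thumbprint -ne ($ExpectedThumbprint -replace '\s', '')) {
        throw "Thumbprint mismatch: file has $($cert.Thumbprint)"
    }
    # Machine store rather than a per-user store: Start Before Logon runs
    # before any user profile is loaded. Requires an elevated prompt.
    Import-Certificate -FilePath $full -CertStoreLocation Cert:\LocalMachine\Root
}

# Constructed demo: a throwaway self-signed certificate standing in for the
# one exported from the firewall. It is created in the current user's
# personal store, inspected, and removed again.
$demo = New-SelfSignedCertificate -DnsName 'vpn.example.test' `
            -CertStoreLocation Cert:\CurrentUser\My
Test-VpnCertTrust -Cert $demo | Format-List
Remove-Item "Cert:\CurrentUser\My\$($demo.Thumbprint)"
```

`Install-VpnCertTrust` is only defined here, not called; run it on a laptop with the exported certificate file and the thumbprint shown on the firewall.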
07-04-2021 09:43 AM
Can you please tell me how to export the self-signed certificate, because I'm trying with no hope?
B.R,
07-04-2021 11:23 PM
06-30-2021 01:28 PM
How can I pre-deploy the SBL profile configuration and module manually to the laptops?
I'm using AnyConnect.
Can you help me more?