Cisco FPR version 7.2.5 is possible make group lock for local user

faruk.zaimovic · ‎04-17-2024

Hello ,

Cisco FPR version 7.2.5 is possible make group lock for local user that connect to local network over AnyConnect.

I want to make Anyconnect access in our network where we have more group policy, we can not find that we can lock local user for some group policy.

does anybody have same problem, and how to solve it ?

Thank you very much.

tvotna · ‎04-17-2024

I believe this feature is still not natively supported in the GUI:

CSCvz10754 ENH: RAVPN(FMC): Option to add attributes for Local user

You can try to use Flex config to generate same CLI on FTD as on ASA to lock users:

user <name> attributes
group-lock value <tunnel-group>

faruk.zaimovic · ‎04-17-2024

HI,

I tried, and it is unsupprted.

MHM Cisco World · ‎04-17-2024

This feature is depend on that user is local in db of ftd'

You use AD ? What is the connection profile ypu use' can you share screenshots of auth server page?

MHM

faruk.zaimovic · ‎04-17-2024

thank you for your resonse. i want to use local user, same as cisco ASA have that feature.

i have that user in local in db. it is so strange why it is not accept.

> show running-config username

username zsanjin password ***** encrypted

thank you

Aref Alsouqi · ‎04-18-2024

Interesting because the "username" command doesn't seem to be part of the blacklisted commands on FlexConfig. Does the error show you anything if you try to scroll down using the little arrows? also, did you try without adding any spaces on the "group-lock" line?

Cisco Secure Firewall Management Center Device Configuration Guide, 7.2 - FlexConfig Policies [Cisco Secure Firewall Management Center] - Cisco

faruk.zaimovic · ‎04-18-2024

Hello,

Thank you very much for your response.

I tried to add username and password only it show unsupported.