Cisco FirePOWER ASA 5500 series Configuration Manual page 619
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 30
Configuring Tunnel Groups, Group Policies, and Users
To remove the port forwarding attribute from the group-policy configuration, including a null value
created by issuing the port-forward none command, enter the no form of this command. The no option
allows inheritance of a list from another group policy. To prevent inheriting a port forwarding list, enter
the port-forward command with the none keyword. The none keyword indicates that there is no
filtering. It sets a null value, thereby disallowing a filtering, and prevents inheriting filtering values.
The syntax of the command is as follows:
hostname(config-group-webvpn)# port-forward {value listname | none}
hostname(config-group-webvpn)# no port-forward
The listname string following the keyword value identifies the list of applications WebVPN users can
access. Enter the port-forward command in webvpn configuration mode to define the list.
Using the command a second time overrides the previous setting.
The following example shows how to set a port-forwarding list called ports1 for the internal group policy
named FirstGroup:
hostname(config)# group-policy FirstGroup internal attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# port-forward value ports1
hostname(config-group-webvpn)#
Configuring the Port-Forwarding Display Name
Configure the display name that identifies TCP port forwarding to end users for a particular user or group
policy by using the port-forward-name command in group-policy webvpn configuration mode. To
delete the display name, including a null value created by using the port-forward-name none command,
enter the no form of the command. The no option restores the default name, Application Access. To
prevent a display name, enter the port-forward none command. The syntax of the command is as
follows:
hostname(config-group-webvpn)# port-forward-name {value
hostname(config-group-webvpn)# no port-forward-name
The following example shows how to set the name, Remote Access TCP Applications, for the internal
group policy named FirstGroup:
hostname(config)# group-policy FirstGroup internal attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# port-forward-name value Remote Access TCP Applications
hostname(config-group-webvpn)#
Configuring the Maximum Object Size to Ignore for Updating the Session Timer
Network devices exchange short keepalive messages to ensure that the virtual circuit between them is
still active. The length of these messages can vary. The keep-alive-ignore command lets you tell the
security appliance to consider all messages that are less than or equal to the specified size as keepalive
messages and not as traffic when updating the session timer. The range is 0 through 900 KB. The default
is 4 KB.
To specify the upper limit of the HTTP/HTTPS traffic, per transaction, to ignore, use the
keep-alive-ignore command in group-policy attributes webvpn configuration mode:
hostname(config-group-webvpn)# keep-alive-ignore size
hostname(config-group-webvpn)#
The no form of the command removes this specification from the configuration:
hostname(config-group-webvpn)# no keep-alive-ignore
hostname(config-group-webvpn)#
OL-10088-01
name
Cisco Security Appliance Command Line Configuration Guide
Group Policies
| none}
30-65
Advertisement
Table of Contents
Troubleshooting
