
Cisco Firepower 1010 Getting Started page 5


Getting Started

Feature: Password management for remote access VPN (MSCHAPv2).

Description: You can enable password management for remote access VPN. This allows AnyConnect to prompt the user to change an expired password. Without password management, users must change expired passwords directly with the AAA server, and AnyConnect does not prompt the user to change passwords. For LDAP servers, you can also set a warning period to notify users of upcoming password expiration.

We added the Enable Password Management option to the authentication settings for remote access VPN connection profiles.

Feature: AnyConnect VPN SAML External Browser

Description: When you use SAML as the primary authentication method for a remote access VPN connection profile, you can elect to have the AnyConnect client use the client's local browser instead of the AnyConnect embedded browser to perform the web authentication. This option enables single sign-on (SSO) between your VPN authentication and other corporate logins. Also choose this option if you want to support web authentication methods, such as biometric authentication, that cannot be performed in the embedded browser.

We updated the remote access VPN connection profile wizard to allow you to configure the SAML Login Experience.

Administrative and Troubleshooting Features

Feature: Dynamic Domain Name System (DDNS) support for updating fully-qualified domain name (FQDN) to IP address mappings for system interfaces.

Description: You can configure DDNS for the interfaces on the system to send dynamic updates to DNS servers. This helps ensure that FQDNs defined for the interfaces resolve to the correct address, making it easier for users to access the system using a hostname rather than an IP address. This is especially useful for interfaces that get their addresses using DHCP, but it is also useful for statically-addressed interfaces.

After upgrade, if you had used FlexConfig to configure DDNS, you must redo your configuration using FDM or the Firepower Threat Defense API, and remove the DDNS FlexConfig object from the FlexConfig policy, before you can deploy changes again.

If you configure DDNS using FDM, then switch to FMC management, the DDNS configuration is retained so that FMC can find the system using the DNS name.

In FDM, we added the System Settings > DDNS Service page. In the Firepower Threat Defense API, we added the DDNSService and DDNSInterfaceSettings resources.

Feature: The dig command replaces the nslookup command in the device CLI.

Description: To look up the IP address of a fully-qualified domain name (FQDN) in the device CLI, use the dig command. The nslookup command has been removed.

New Features in FDM/FTD Version 7.1.0