Cisco FirePOWER ASA 5500 series Configuration Manual page 614

Group Policies
Table 30-3
Keyword
auto-download
citrix
file-access
file-browsing
file-entry
filter
http-proxy
mapi
none
port-forward
url-entry
The following example shows how to configure file access, file browsing, and MAPI Proxy for the group
policy named FirstGroup:
hostname(config)# group-policy FirstGroup attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# functions file-access file-browsing MAPI
hostname(config-group-webvpn)#
Applying Customization
Customizations determine the appearance of the windows that the user sees upon login. You configure
the customization parameters as part of configuring WebVPN. To apply a previously defined web-page
customization to change the look-and-feel of the web page that the user sees at login, enter the
customization command in group-policy webvpn configuration mode:
hostname(config-group-webvpn)# customization customization_name
hostname(config-group-webvpn)#
For example, to use the customization named blueborder, enter the following command:
hostname(config-group-webvpn)# customization blueborder
Cisco Security Appliance Command Line Configuration Guide
30-60
functions Command Keywords
Meaning
Automatically downloads the port forwarding applet
Enables Citrix
Enables or disables file access. When enabled, the WebVPN home page lists
file servers in the server list. You must enable file access to enable file
browsing and/or file entry.
Enables or disables browsing for file servers and shares. You must enable
file browsing to allow user entry of a file server.
Enables of disables user ability to enter names of file servers.
Applies a webtype access-list
Enables or disables the forwarding of an HTTP applet proxy to the client.
The proxy is useful for technologies that interfere with proper mangling,
such as Java, ActiveX, and Flash. It bypasses mangling while ensuring the
continued use of the security appliance. The forwarded proxy modifies the
browser's old proxy configuration automatically and redirects all HTTP and
HTTPS requests to the new proxy configuration. It supports virtually all
client side technologies, including HTML, CSS, JavaScript, VBScript,
ActiveX, and Java. The only browser it supports is Microsoft Internet
Explorer.
Enables or disables Microsoft Outlook/Exchange port forwarding.
Sets a null value for all WebVPN functions. Prevents inheriting functions
from a default or specified group policy
Enables port forwarding
Enables or disables user entry of URLs. When enabled, the security
appliance still restricts URLs with any configured URL or network ACLs.
When URL entry is disabled, the security appliance restricts WebVPN users
to the URLs on the home page.
Chapter 30 Configuring Tunnel Groups, Group Policies, and Users
OL-10088-01