Cisco FirePOWER ASA 5500 series Configuration Manual page 620
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Group Policies
The following example sets the maximum size of objects to ignore as 5 KB:
hostname(config-group-webvpn)# keep-alive-ignore 5
hostname(config-group-webvpn)#
Specifying HTTP Compression
Enable compression of http data over a WebVPN connection for a specific group or user by entering the
http-comp command in the group policy webvpn mode.
hostname(config-group-webvpn)# http-comp {gzip | none}
hostname(config-group-webvpn)#
To remove the command from the configuration and cause the value to be inherited, use the no form of
the command:
hostname(config-group-webvpn)# no http-comp {gzip | none}
hostname(config-group-webvpn)#
The syntax of this command is as follows:
•
•
For WebVPN connections, the compression command configured from global configuration mode
overrides the http-comp command configured in group policy and username webvpn modes.
In the following example, compression is disabled for the group-policy sales:
hostname(config)# group-policy sales attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# http-comp none
hostname(config-group-webvpn)#
Specifying the SSO Server
Single sign-on support, available only for WebVPN, lets users access different secure services on
different servers without reentering a username and password more than once. The sso-server value
command, when entered in group-policy-webvpn mode, lets you assign an SSO server to a group policy.
To assign an SSO server to a group policy, use the sso-server value command in group-policy-webvpn
configuration mode. This command requires that your configuration include CA SiteMinder command.
hostname(config-group-webvpn)# sso-server value server_name
hostname(config-group-webvpn)#
To remove the assignment and use the default policy, use the no form of this command. To prevent
inheriting the default policy, use the sso-server none command.
hostname(config-group-webvpn)# sso-server {value server_name | none}
hostname(config-group-webvpn)# [no] sso-server value server_name
The default policy assigned to the SSO server is DfltGrpPolicy.
The following example creates the group policy "my-sso-grp-pol" and assigns it to the SSO server
named "example":
hostname(config)# group-policy my-sso-grp-pol internal
hostname(config)# group-policy my-sso-grp-pol attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# sso-server value example
hostname(config-group-webvpn)#
Cisco Security Appliance Command Line Configuration Guide
30-66
gzip—Specifies compression is enabled for the group or user. This is the default value.
none—Specifies compression is disabled for the group or user.
Chapter 30
Configuring Tunnel Groups, Group Policies, and Users
OL-10088-01
Advertisement
Table of Contents
Troubleshooting
