Firepower Management Center Device Configuration Guide, 7.1

2024-11-13

| Attribute Name | FTD | Attr. No. | Syntax/Type | Single or Multi-Valued | Description or Value |
|---|---|---|---|---|---|
| Access-Hours | Y | 1 | String | Single | Name of the time range, for example, Business-hours |
| Access-List-Inbound | Y | 86 | String | Single | Both of the Access-List attributes take the name of an ACL that is configured on the FTD device. Create ACLs using the Smart CLI Extended Access List object type (select Device > Advanced Configuration > Smart CLI > Objects). These ACLs control traffic flow in the inbound (traffic entering the FTD device) or outbound (traffic leaving the FTD device) direction. |
| Access-List-Outbound | Y | 87 | String | Single | |
| Address-Pools | Y | 217 | String | Single | The name of a network object defined on the FTD device that identifies a subnet, which will be used as the address pool for clients connecting to the remote access VPN. Define the network object on the Objects page and then associate the network object with a group policy or a connection profile. |
| Allow-Network-Extension-Mode | Y | 64 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| Authenticated-User-Idle-Timeout | Y | 50 | Integer | Single | 1-35791394 minutes |
| Authorization-DN-Field | Y | 67 | String | Single | Possible values: UID, OU, O, CN, L, SP, C, EA, T, N, GN, SN, I, GENQ, DNQ, SER, use-entire-name |
| Authorization-Required | | 66 | Integer | Single | 0 = No; 1 = Yes |
| Authorization-Type | Y | 65 | Integer | Single | 0 = None; 1 = RADIUS; 2 = LDAP |
| Banner1 | Y | 15 | String | Single | Banner string to display for Cisco VPN remote access sessions: IPsec IKEv1, AnyConnect SSL-TLS/DTLS/IKEv2, and Clientless SSL |
| Banner2 | Y | 36 | String | Single | Banner string to display for Cisco VPN remote access sessions: IPsec IKEv1, AnyConnect SSL-TLS/DTLS/IKEv2, and Clientless SSL. The Banner2 string is concatenated to the Banner1 string, if configured. |
| Cisco-IP-Phone-Bypass | Y | 51 | Integer | Single | 0 = Disabled; 1 = Enabled |
| Cisco-LEAP-Bypass | Y | 75 | Integer | Single | 0 = Disabled; 1 = Enabled |
| Client Type | Y | 150 | Integer | Single | 1 = Cisco VPN Client (IKEv1); 2 = AnyConnect Client SSL VPN; 3 = Clientless SSL VPN; 4 = Cut-Through-Proxy; 5 = L2TP/IPsec SSL VPN; 6 = AnyConnect Client IPsec VPN (IKEv2) |
| Client-Type-Version-Limiting | Y | 77 | String | Single | IPsec VPN version number string |
| DHCP-Network-Scope | Y | 61 | String | Single | IP Address |
| Extended-Authentication-On-Rekey | Y | 122 | Integer | Single | 0 = Disabled; 1 = Enabled |
| Framed-Interface-Id | Y | 96 | String | Single | Assigned IPv6 interface ID. Combines with Framed-IPv6-Prefix to create a complete assigned IPv6 address. For example: Framed-Interface-ID=1:1:1:1 combined with Framed-IPv6-Prefix=2001:0db8::/64 gives the assigned IP address 2001:0db8::1:1:1:1. |
| Framed-IPv6-Prefix | Y | 97 | String | Single | Assigned IPv6 prefix and length. Combines with Framed-Interface-Id to create a complete assigned IPv6 address. For example: prefix 2001:0db8::/64 combined with Framed-Interface-Id=1:1:1:1 gives the IP address 2001:0db8::1:1:1:1. You can use this attribute to assign an IP address without using Framed-Interface-Id, by assigning the full IPv6 address with prefix length /128, for example, Framed-IPv6-Prefix=2001:0db8::1/128. |
| Group-Policy | Y | 25 | String | Single | Sets the group policy for the remote access VPN session. You can use one of the following formats: "group policy name", "OU=group policy", or "OU=group policy;" |
| IE-Proxy-Bypass-Local | | 83 | Integer | Single | 0 = None; 1 = Local |
| IE-Proxy-Exception-List | | 82 | String | Single | New line (\n) separated list of DNS domains |
| IE-Proxy-PAC-URL | Y | 133 | String | Single | PAC address string |
| IE-Proxy-Server | | 80 | String | Single | IP address |
| IE-Proxy-Server-Policy | | 81 | Integer | Single | 1 = No Modify; 2 = No Proxy; 3 = Auto detect; 4 = Use Concentrator Setting |
| IKE-KeepAlive-Confidence-Interval | Y | 68 | Integer | Single | 10-300 seconds |
| IKE-Keepalive-Retry-Interval | Y | 84 | Integer | Single | 2-10 seconds |
| IKE-Keep-Alives | Y | 41 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| Intercept-DHCP-Configure-Msg | Y | 62 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| IPsec-Allow-Passwd-Store | Y | 16 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| IPsec-Authentication | | 13 | Integer | Single | 0 = ; 1 = RADIUS; 2 = LDAP (authorization); 3 = NT Domain; 4 = SDI; 5 = Internal; 6 = RADIUS Expiry; 7 = Kerberos / Active Directory |
| IPsec-Auth-On-Rekey | Y | 42 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| IPsec-Backup-Server-List | Y | 60 | String | Single | Server Addresses (space delimited) |
| IPsec-Backup-Servers | Y | 59 | String | Single | 1 = Use Client-Configured list; 2 = Disable and clear client list; 3 = Use Backup Server list |
| IPsec-Client-Firewall-Filter-Name | | 57 | String | Single | Specifies the filter pushed to the client as firewall policy |
| IPsec-Client-Firewall-Filter-Optional | Y | 58 | Integer | Single | 0 = Required; 1 = Optional |
| IPsec-Default-Domain | Y | 28 | String | Single | Specifies the single default domain name to send to the client (1-255 characters). |
| IPsec-IKE-Peer-ID-Check | Y | 40 | Integer | Single | 1 = Required; 2 = If supported by peer certificate; 3 = Do not check |
| IPsec-IP-Compression | Y | 39 | Integer | Single | 0 = Disabled; 1 = Enabled |
| IPsec-Mode-Config | Y | 31 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| IPsec – – UDP | Y | 34 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| IPsec-Over-UDP-Port | Y | 35 | Integer | Single | 4001-49151. The default is 10000. |
| IPsec-Required-Client-Firewall-Capability | Y | 56 | Integer | Single | 0 = None; 1 = Policy defined by remote FW Are-You-There (AYT); 2 = Policy pushed CPP; 4 = Policy from server |
| IPsec-Sec-Association | | 12 | String | Single | Name of the security association |
| IPsec-Split-DNS-Names | Y | 29 | String | Single | Specifies the list of secondary domain names to send to the client (1-255 characters). |
| IPsec-Split-Tunneling-Policy | Y | 55 | Integer | Single | 0 = No split tunneling; 1 = Split tunneling; 2 = Local LAN permitted |
| IPsec-Split-Tunnel-List | Y | 27 | String | Single | Specifies the name of the network or ACL that describes the split tunnel inclusion list. |
| IPsec-Tunnel-Type | Y | 30 | Integer | Single | 1 = LAN-to-LAN; 2 = Remote access |
| IPsec-User-Group-Lock | | 33 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| IPv6-Address-Pools | Y | 218 | String | Single | Name of IP local pool-IPv6 |
| IPv6-VPN-Filter | Y | 219 | String | Single | ACL value |
| L2TP-Encryption | | 21 | Integer | Single | Bitmap: 1 = Encryption required; 2 = 40 bits; 4 = 128 bits; 8 = Stateless-Req; 15 = 40/128-Encr/Stateless-Req |
| L2TP-MPPC-Compression | | 38 | Integer | Single | 0 = Disabled; 1 = Enabled |
| Member-Of | Y | 145 | String | Single | Comma-delimited string, for example: Engineering, Sales. An administrative attribute that can be used in dynamic access policies. It does not set a group policy. |
| MS-Client-Subnet-Mask | Y | 63 | Boolean | Single | IP address |
| NAC-Default-ACL | | 92 | String | | ACL |
| NAC-Enable | | 89 | Integer | Single | 0 = No; 1 = Yes |
| NAC-Revalidation-Timer | | 91 | Integer | Single | 300-86400 seconds |
| NAC-Settings | Y | 141 | String | Single | Name of the NAC policy |
| NAC-Status-Query-Timer | | 90 | Integer | Single | 30-1800 seconds |
| Perfect-Forward-Secrecy-Enable | Y | 88 | Boolean | Single | 0 = No; 1 = Yes |
| PPTP-Encryption | | 20 | Integer | Single | Bitmap: 1 = Encryption required; 2 = 40 bits; 4 = 128 bits; 8 = Stateless-Required; 15 = 40/128-Encr/Stateless-Req |
| PPTP-MPPC-Compression | | 37 | Integer | Single | 0 = Disabled; 1 = Enabled |
| Primary-DNS | Y | 5 | String | Single | IP address |
| Primary-WINS | Y | 7 | String | Single | IP address |
| Privilege-Level | Y | 220 | Integer | Single | An integer between 0 and 15. |
| Required-Client-Firewall-Vendor-Code | Y | 45 | Integer | Single | 1 = Cisco Systems (with Cisco Integrated Client); 2 = Zone Labs; 3 = NetworkICE; 4 = Sygate; 5 = Cisco Systems (with Cisco Intrusion Prevention Security Agent) |
| Required-Client-Firewall-Description | Y | 47 | String | Single | String |
| Required-Client-Firewall-Product-Code | Y | 46 | Integer | Single | Cisco Systems Products: 1 = Cisco Intrusion Prevention Security Agent or Cisco Integrated Client (CIC). Zone Labs Products: 1 = Zone Alarm; 2 = Zone AlarmPro; 3 = Zone Labs Integrity. NetworkICE Product: 1 = BlackIce Defender / Agent. Sygate Products: 1 = Personal Firewall; 2 = Personal Firewall Pro; 3 = Security Agent |
| Required-Individual-User-Auth | Y | 49 | Integer | Single | 0 = Disabled; 1 = Enabled |
| Require-HW-Client-Auth | Y | 48 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| Secondary-DNS | Y | 6 | String | Single | IP address |
| Secondary-WINS | Y | 8 | String | Single | IP address |
| SEP-Card-Assignment | | 9 | Integer | Single | Not used |
| Session Subtype | Y | 152 | Integer | Single | 0 = None; 1 = Clientless; 2 = Client; 3 = Client Only. Session Subtype applies only when the Session Type (151) attribute has the following values: 1, 2, 3, and 4. |
| Session Type | Y | 151 | Integer | Single | 0 = None; 1 = AnyConnect Client SSL VPN; 2 = AnyConnect Client IPSec VPN (IKEv2); 3 = Clientless SSL VPN; 4 = Clientless Email Proxy; 5 = Cisco VPN Client (IKEv1); 6 = IKEv1 LAN-LAN; 7 = IKEv2 LAN-LAN; 8 = VPN Load Balancing |
| Simultaneous-Logins | Y | 2 | Integer | Single | 0-2147483647 |
| Smart-Tunnel | Y | 136 | String | Single | Smart Tunnel |
| Smart-Tunnel-Auto | Y | 138 | Integer | Single | 0 = Disabled; 1 = Enabled; 2 = AutoStart |
| Smart-Tunnel-Auto-Signon-Enable | Y | 139 | String | Single | Smart Tunnel Auto Signon list appended by the domain name |
| Strip-Realm | Y | 135 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| SVC-Ask | Y | 131 | String | Single | 0 = Disabled; 1 = Enabled; 3 = Enable default service; 5 = Enable default clientless (2 and 4 not used) |
| SVC-Ask-Timeout | Y | 132 | Integer | Single | 5-120 seconds |
| SVC-DPD-Interval-Client | Y | 108 | Integer | Single | 0 = Off; 5-3600 seconds |
| SVC-DPD-Interval-Gateway | Y | 109 | Integer | Single | 0 = Off; 5-3600 seconds |
| SVC-DTLS | Y | 123 | Integer | Single | 0 = False; 1 = True |
| SVC-Keepalive | Y | 107 | Integer | Single | 0 = Off; 15-600 seconds |
| SVC-Modules | Y | 127 | String | Single | String (name of a module) |
| SVC-MTU | Y | 125 | Integer | Single | MTU value 256-1406 in bytes |
| SVC-Profiles | Y | 128 | String | Single | String (name of a profile) |
| SVC-Rekey-Time | Y | 110 | Integer | Single | 0 = Disabled; 1-10080 minutes |
| Tunnel Group Name | Y | 146 | String | Single | 1-253 characters |
| Tunnel-Group-Lock | Y | 85 | String | Single | Name of the tunnel group or “none” |
| Tunneling-Protocols | Y | 11 | Integer | Single | 1 = PPTP; 2 = L2TP; 4 = IPSec (IKEv1); 8 = L2TP/IPSec; 16 = WebVPN; 32 = SVC; 64 = IPsec (IKEv2). 8 and 4 are mutually exclusive. 0-11, 16-27, 32-43, 48-59 are legal values. |
| Use-Client-Address | | 17 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| VLAN | Y | 140 | Integer | Single | 0-4094 |
| WebVPN-Access-List | Y | 73 | String | Single | Access-List name |
| WebVPN ACL | Y | 73 | String | Single | Name of a WebVPN ACL on the device |
| WebVPN-ActiveX-Relay | Y | 137 | Integer | Single | 0 = Disabled; Otherwise = Enabled |
| WebVPN-Apply-ACL | Y | 102 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-Auto-HTTP-Signon | Y | 124 | String | Single | Reserved |
| WebVPN-Citrix-Metaframe-Enable | Y | 101 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-Content-Filter-Parameters | Y | 69 | Integer | Single | 1 = Java ActiveX; 2 = Java Script; 4 = Image; 8 = Cookies images |
| WebVPN-Customization | Y | 113 | String | Single | Name of the customization |
| WebVPN-Default-Homepage | Y | 76 | String | Single | URL http://example-example.com |
| WebVPN-Deny-Message | Y | 116 | String | Single | Valid string (up to 500 characters) |
| WebVPN-Download_Max-Size | Y | 157 | Integer | Single | 0x7fffffff |
| WebVPN-File-Access-Enable | Y | 94 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-File-Server-Browsing-Enable | Y | 96 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-File-Server-Entry-Enable | Y | 95 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-Group-based-HTTP/HTTPS-Proxy-Exception-List | Y | 78 | String | Single | Comma-separated DNS/IP with an optional wildcard (*) (for example *.cisco.com, 192.168.1.*, wwwin.cisco.com) |
| WebVPN-Hidden-Shares | Y | 126 | Integer | Single | 0 = None; 1 = Visible |
| WebVPN-Home-Page-Use-Smart-Tunnel | Y | 228 | Boolean | Single | Enabled if clientless home page is to be rendered through Smart Tunnel. |
| WebVPN-HTML-Filter | Y | 69 | Bitmap | Single | 1 = Java ActiveX; 2 = Scripts; 4 = Image; 8 = Cookies |
| WebVPN-HTTP-Compression | Y | 120 | Integer | Single | 0 = Off; 1 = Deflate Compression |
| WebVPN-HTTP-Proxy-IP-Address | Y | 74 | String | Single | Comma-separated DNS/IP:port, with http= or https= prefix (for example http=10.10.10.10:80, https=11.11.11.11:443) |
| WebVPN-Idle-Timeout-Alert-Interval | Y | 148 | Integer | Single | 0-30. 0 = Disabled. |
| WebVPN-Keepalive-Ignore | Y | 121 | Integer | Single | 0-900 |
| WebVPN-Macro-Substitution | Y | 223 | String | Single | Unbounded. |
| WebVPN-Macro-Substitution | Y | 224 | String | Single | Unbounded. |
| WebVPN-Port-Forwarding-Enable | Y | 97 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-Port-Forwarding-Exchange-Proxy-Enable | Y | 98 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-Port-Forwarding-HTTP-Proxy | Y | 99 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-Port-Forwarding-List | Y | 72 | String | Single | Port forwarding list name |
| WebVPN-Port-Forwarding-Name | Y | 79 | String | Single | String name (example, “Corporate-Apps”). This text replaces the default string, “Application Access,” on the clientless portal home page. |
| WebVPN-Post-Max-Size | Y | 159 | Integer | Single | 0x7fffffff |
| WebVPN-Session-Timeout-Alert-Interval | Y | 149 | Integer | Single | 0-30. 0 = Disabled. |
| WebVPN Smart-Card-Removal-Disconnect | Y | 225 | Boolean | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-Smart-Tunnel | Y | 136 | String | Single | Smart Tunnel |
| WebVPN-Smart-Tunnel-Auto-Sign-On | Y | 139 | String | Single | Smart Tunnel auto sign-on list appended by the domain name |
| WebVPN-Smart-Tunnel-Auto-Start | Y | 138 | Integer | Single | 0 = Disabled; 1 = Enabled; 2 = Auto Start |
| WebVPN-Smart-Tunnel-Tunnel-Policy | Y | 227 | String | Single | “e networkname,” “networkname,” “,” networkname Smart Tunnel network list, e indicates tunnel excluded, i indicates tunnel specified, indicates tunnels. |
| WebVPN-SSL-VPN-Client-Enable | Y | 103 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-SSL-VPN-Client-Keep-Installation | Y | 105 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-SSL-VPN-Client-Required | Y | 104 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-SSO-Server-Name | Y | 114 | String | Single | Valid string |
| WebVPN-Storage-Key | Y | 162 | String | Single | |
| WebVPN-Storage-Objects | Y | 161 | String | Single | |
| WebVPN-SVC-Keepalive-Frequency | Y | 107 | Integer | Single | 15-600 seconds, 0=Off |
| WebVPN-SVC-Client-DPD-Frequency | Y | 108 | Integer | Single | 5-3600 seconds, 0=Off |
| WebVPN-SVC-DTLS-Enable | Y | 123 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-SVC-DTLS-MTU | Y | 125 | Integer | Single | MTU value is from 256-1406 bytes. |
| WebVPN-SVC-Gateway-DPD-Frequency | Y | 109 | Integer | Single | 5-3600 seconds, 0=Off |
| WebVPN-SVC-Rekey-Time | Y | 110 | Integer | Single | 4-10080 minutes, 0=Off |
| WebVPN-SVC-Rekey-Method | Y | 111 | Integer | Single | 0 (Off), 1 (SSL), 2 (New Tunnel) |
| WebVPN-SVC-Compression | Y | 112 | Integer | Single | 0 (Off), 1 (Deflate Compression) |
| WebVPN-UNIX-Group-ID (GID) | Y | 222 | Integer | Single | Valid UNIX group IDs |
| WebVPN-UNIX-User-ID (UIDs) | Y | 221 | Integer | Single | Valid UNIX user IDs |
| WebVPN-Upload-Max-Size | Y | 158 | Integer | Single | 0x7fffffff |
| WebVPN-URL-Entry-Enable | Y | 93 | Integer | Single | 0 = Disabled; 1 = Enabled |
| WebVPN-URL-List | Y | 71 | String | Single | URL list name |
| WebVPN-User-Storage | Y | 160 | String | Single | |
| WebVPN-VDI | Y | 163 | String | Single | List of settings |
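
The Tunneling-Protocols entry (attribute 11) defines a bitmap with a mutual-exclusion rule and a list of legal ranges. The following added example, which is not part of the Cisco guide, decodes a value and checks it against both, as you might before placing the value in a RADIUS server's user or group definition. The function and constant names are hypothetical.

```python
# Added example: validate a Tunneling-Protocols (attribute 11) value against
# the bit meanings and legal ranges listed for that attribute on this page.
# Function and constant names are hypothetical, not Cisco's.

# Bit values exactly as listed for attribute 11.
PROTOCOL_BITS = {
    1: "PPTP",
    2: "L2TP",
    4: "IPSec (IKEv1)",
    8: "L2TP/IPSec",
    16: "WebVPN",
    32: "SVC",
    64: "IPsec (IKEv2)",
}

# Legal ranges exactly as listed for attribute 11 (inclusive).
LISTED_RANGES = [(0, 11), (16, 27), (32, 43), (48, 59)]


def decode(value):
    """Return the protocol names whose bits are set in value."""
    return [name for bit, name in PROTOCOL_BITS.items() if value & bit]


def in_listed_ranges(value):
    """True if value falls inside one of the ranges the page calls legal."""
    return any(lo <= value <= hi for lo, hi in LISTED_RANGES)


def check(value):
    """Return a list of problems found with value (empty list = no finding)."""
    if not isinstance(value, int) or isinstance(value, bool) or value < 0:
        return ["not a non-negative integer"]
    problems = []
    unknown = value & ~sum(PROTOCOL_BITS)  # bits with no listed meaning
    if unknown:
        problems.append(f"unknown bits set: {unknown:#x}")
    if value & 4 and value & 8:
        problems.append("bits 4 and 8 are mutually exclusive")
    if not in_listed_ranges(value):
        problems.append("outside the legal ranges listed on the page")
    return problems


if __name__ == "__main__":
    # Constructed sample values, as if collected from a RADIUS policy review.
    for sample in (4, 36, 12, 64, 128):
        print(sample, decode(sample), check(sample) or "ok")
```

For values below 64, the listed ranges are exactly the values in which bits 4 and 8 are not both set. A value with the 64 bit set decodes to IPsec (IKEv2) but falls outside the ranges as printed, so the checker reports it instead of guessing.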