Community Member

Need help securing ASDM for Cisco Firewall?

Good evening

We currently have a Cisco ASA firewall with ASDM enabled for SSH, Telnet and HTTP. We have installed our own SSL cert on the device, which works fine.

However, we really don't want the firewall to be accessible to other users via HTTP; going to the IP address should not return anything.

We access the firewall via the ASDM application installed on our machines. I don't think we can simply disable HTTP for management, as I think this disables the ASDM application remotely.

The firewall is with our hosting company, so we need to be able to manage it remotely via the ASDM management tool. As we are not experts, we would prefer sticking with the GUI.

Any recommendations?

Thanks

Shane

Cisco Employee

Re: Need help securing ASDM for Cisco Firewall?

Hi Shane,

You can do this from the Configuration > Device Management > Management Access > ASDM/HTTPS/Telnet/SSH tab. Just make sure your entries for ASDM/HTTPS only contain IP addresses for devices you want to be able to manage the firewall. Anyone not in that list will be blocked from accessing ASDM.

Hope that helps.

-Mike

Community Member

Re: Need help securing ASDM for Cisco Firewall?

Hi Mike

I cannot really do this, as our company has a dynamic IP for external access and I also need to be able to configure it from my laptop when on the move.

Any other ideas?

Thanks

Shane

Cisco Employee

Re: Need help securing ASDM for Cisco Firewall?

Hi Shane,

It's a bit more involved, but you could set up a remote access VPN and set up ASDM to only allow external access to the IPs in the VPN pool. This way, you can provide the remote access credentials only to the administrators who should access the firewall.

Other than that, your best bet would be to do what Collin suggested and set up different user accounts with different privilege levels.

Hope that helps.

-Mike
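
A way to check the result of the approach described in the replies above, as an added example that is not part of the original thread: this script reads the management-access lines of an ASA running configuration and reports every `http`, `ssh` or `telnet` entry that is not inside an approved admin network. The VPN pool subnet `10.10.10.0/24`, the function name and the sample configuration are constructed for illustration.

```python
import ipaddress
import re

# ASA management-access entries have the form:
#   <http|ssh|telnet> <ip> <mask> <interface>
MGMT_RE = re.compile(
    r"^(http|ssh|telnet)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$"
)

def audit_mgmt_access(config_text, allowed_networks):
    """Return (protocol, network, interface) for every management entry
    that is not fully contained in one of the allowed admin networks."""
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    findings = []
    for line in config_text.splitlines():
        m = MGMT_RE.match(line.strip())
        if not m:
            continue  # e.g. "http server enable", "ssh timeout 5"
        proto, ip, mask, iface = m.groups()
        net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        if not any(net.subnet_of(a) for a in allowed):
            findings.append((proto, str(net), iface))
    return findings

# Constructed sample: ASDM/HTTPS open to any source on the outside
# interface, plus entries limited to an assumed VPN pool.
SAMPLE_CONFIG = """\
http server enable
http 0.0.0.0 0.0.0.0 outside
http 10.10.10.0 255.255.255.0 inside
ssh 10.10.10.0 255.255.255.0 inside
ssh timeout 5
telnet 192.168.1.0 255.255.255.0 inside
"""

VPN_POOL = ["10.10.10.0/24"]  # assumed remote-access VPN pool

if __name__ == "__main__":
    for proto, net, iface in audit_mgmt_access(SAMPLE_CONFIG, VPN_POOL):
        print(f"{proto} management allowed from {net} on {iface}")
```
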

Re: Need help securing ASDM for Cisco Firewall?

Shane-

You can create admin only accounts on the firewall. That won't prevent users from trying to access the site, but it will prevent actual logins and log people that are trying to access the system.

Community Member

Re: Need help securing ASDM for Cisco Firewall?

This is what we currently have, but really I am not happy with this as an option.

Thanks

Shane
