Home > Articles > Cisco

  • Print
  • + Share This
From the author of Internal Website and File Shares

Internal Website and File Shares

By default, there are a number of different options that are enabled without performing more than a few lines of configuration. Some of these options include the ability to access (via SSL) internal websites (HTTP and HTTPS), and file shares (CIFS and FTP).

There are a couple of different ways to disable these options: alter the default group policy to disable these options and/or to create a new group policy and insert specific users into that group, which can be configured to disable this access. Table 3 shows the configuration commands that can be used to alter the default group policy to disable web and file access options.

Table 3: Configure Internal Website and File Share Options

1

Enter the default group policy attribute configuration mode.

asa(config)#group-policy DfltGrpPolicy attributes

2

Enter WebVPN sub-configuration mode.

asa(config-group-policy)#webvpn

3

Disable the ability to enter internal website URLs.

asa(config-group-webvpn)#url-entry disable


OR


3

Disable the ability to enter internal file share URLs.

asa(config-group-webvpn)#file-entry disable


OR


3

Disable the ability browse for internal file shares.

asa(config-group-webvpn)#file-browsing disable

  • + Share This
  • 🔖 Save To Your Account