Internal Website and File Shares
By default, there are a number of different options that are enabled without performing more than a few lines of configuration. Some of these options include the ability to access (via SSL) internal websites (HTTP and HTTPS), and file shares (CIFS and FTP).
There are a couple of different ways to disable these options: alter the default group policy to disable these options and/or to create a new group policy and insert specific users into that group, which can be configured to disable this access. Table 3 shows the configuration commands that can be used to alter the default group policy to disable web and file access options.
Table 3: Configure Internal Website and File Share Options
1 |
Enter the default group policy attribute configuration mode. |
asa(config)#group-policy DfltGrpPolicy attributes |
2 |
Enter WebVPN sub-configuration mode. |
asa(config-group-policy)#webvpn |
3 |
Disable the ability to enter internal website URLs. |
asa(config-group-webvpn)#url-entry disable |
|
OR |
|
3 |
Disable the ability to enter internal file share URLs. |
asa(config-group-webvpn)#file-entry disable |
|
OR |
|
3 |
Disable the ability browse for internal file shares. |
asa(config-group-webvpn)#file-browsing disable |