FTD File Objects

Use the Add and Edit File Object dialog boxes to create, and edit file objects. File objects represent files used in configurations, typically for remote access VPN policies. They can contain AnyConnect Client Profile and AnyConnect Client Image files.

Profiles are also created for each AnyConnect module and AnyConnect Management VPN using independent profile editors and deployed to administrator-defined end user requirements and authentication policies on endpoints as part of AnyConnect, and they make the preconfigured network profiles available to end users.

When you create a file object, the Cisco Defense Orchestrator makes a copy of the file in its repository. These files are backed up whenever you create a backup of the database, and they are restored if you restore the database. When copying a file to the platform to be used in a file object, do not copy the file directly to the file repository.

When you deploy configurations that specify a file object, the associated file is downloaded to the device in the appropriate directory.

You can click one of the following options against each file:

  • Download Click to download an AnyConnect file.

  • Edit Modify the file object details.

  • Delete Delete an AnyConnect file object. When you delete a file object, the associated file is not deleted from the file repository, only the object is deleted.

Navigation Path

Objects > Object Management > VPN > AnyConnect File > Add AnyConnect File.

Fields

  • Name and DescriptionEnter the name, up to 128 characters, and an optional description to identify this file object.

  • File Name and File TypeThe name and full path of the file, and its type. Click Browse to select the file, and choose the corresponding type.

    Only the AnyConnect Client Image and AnyConnect Client Profile types are valid, and they must be located on the Firepower Management Center platform to include them in a file object.

  • Name—Enter the name of the file to identify the file object; you can add up to 128 characters.

  • File Name—Click Browse to select the file. The file name and full path of the file are added when you select the file.

  • File Type—Choose the file type corresponding to the file you have selected. The following file types are available:

    • AnyConnect Client Image—Select this type when you add the AnyConnect client image you have downloaded from the Cisco Software Download Center.

      You can associate any new or additional AnyConnect client images to the remote access VPN policy. You can also unassociate the unsupported or end of life client packages that are no longer required.

    • AnyConnect VPN Profile—Choose this type for an AnyConnect VPN profile file.

      The profile file is created using the GUI-based AnyConnect Profile Editor, an independent configuration tool. See the AnyConnect Profile Editor chapter in the appropriate release of the Cisco AnyConnect Secure Mobility Client Administrator Guide for details.

    • AnyConnect Management VPN Profile—Select this type when you add a profile file for an AnyConnect management VPN tunnel.

      Download the AnyConnect VPN Management Tunnel Standalone Profile Editor from Cisco Software Download Center if you have not done already and create a profile with required settings for the AnyConnect management VPN tunnel.

    • AMP Enabler Service Profile—The profile is used for the AnyConnect AMP Enabler. The AMP Enabler along with this profile is pushed to the endpoints from FTD when a remote access VPN user connects to the VPN.

    • Feedback Profile—You can add a Customer Experience Feedback profile and select this type to receive information about the features and modules customers have enabled and use.

    • ISE Posture Profile—Choose this option if you are adding a profile file for the AnyConnect ISE Posture module.

    • NAM Service Profile—Configure and add the NAM profile file using the Network Access Manager profile editor.

    • Network Visibility Service Profile—Profile file for AnyConnect Network Visibility module. You can create the profile using the NVM profile editor.

    • Umbrella Roaming Security Profile—You must select this file type if you are deploying the Umbrella Roaming Security module using the .json file created using the profile editor.

    • Web Security Service Profile—Select this file type when you add a prole file for the Web security module.

    • HostScan Package—Select this file type when you add a HostScan Package file. This file is used while configuring a Dynamic Access Policy (DAP) to collect information about the operating system, anti-virus, anti-spyware, and firewall software installed on the endpoints.

    • AnyConnect External Browser Package—This file type is for selecting an external browser package file for SAML single sing-on web authentication.

      You can add an the package file when a new version of the external package file is available.

      For more information, see Configure AAA Settings for Remote Access VPN.

  • Description—Add an optional description.