Prohibited CLI Commands
The purpose of FlexConfig is to configure features that are available on ASA devices that you cannot configure on threat defense devices using management center.
Thus, you are prevented from configuring ASA features that have equivalents in management center. The following table lists some of these prohibited command areas.
In addition, some clear commands are prohibited because they overlap with managed policies, and can delete part of the configuration for a managed policy.
The FlexConfig object editor prevents you from including prohibited commands in the object.
|
Prohibited CLI Command |
Description |
|---|---|
|
AAA |
Configuration blocked. |
|
AAA-Server |
Configuration blocked. |
|
Access-list |
Advanced ACL, Extended ACL, and Standard ACL are blocked. Ethertype ACL is allowed. You can use standard and extended ACL objects defined in the object manager inside the template as variables. |
|
ARP Inspection |
Configuration blocked. |
|
As-path Object |
Configuration blocked. |
|
Banner |
Configuration blocked. |
|
BGP |
Configuration blocked. |
|
Clock |
Configuration blocked. |
|
Community-list Object |
Configuration blocked. |
|
Copy |
Configuration blocked. |
|
Delete |
Configuration blocked. |
|
DHCP |
Configuration blocked. |
|
Enable Password |
Configuration blocked. |
|
Erase |
Configuration blocked. |
|
Fragment Setting |
Blocked, except for fragment reassembly . |
|
Fsck |
Configuration blocked. |
|
HTTP |
Configuration blocked. |
|
ICMP |
Configuration blocked. |
|
Interface |
Only nameif, mode, shutdown, ip address and mac-address commands are blocked. |
|
Multicast Routing |
Configuration blocked. |
|
NAT |
Configuration blocked. |
|
Network Object/Object-group |
Network object creation in the FlexConfig object is blocked, but you can use network objects and groups defined in the object manager inside the template as variables. |
|
NTP |
Configuration blocked. |
|
OSPF/OSPFv3 |
Configuration blocked. |
|
pager |
Configuration blocked. |
|
Password Encryption |
Configuration blocked. |
|
Policy-list Object |
Configuration blocked. |
|
Prefix-list Object |
Configuration blocked. |
|
Reload |
You cannot schedule reloads. The system does not use the reload command to restart the system, it uses the reboot command. |
|
RIP |
Configuration blocked. |
|
Route-Map Object |
Route-map object creation in the FlexConfig object is blocked, but you can use route map objects defined in the object manager inside the template as variables. |
|
Service Object/Object-group |
Service object creation in the FlexConfig object is blocked, but you can use port objects defined in the object manager inside the template as variables. |
|
SNMP |
Configuration blocked. |
|
SSH |
Configuration blocked. |
|
Static Route |
Configuration blocked. |
|
Syslog |
Configuration blocked. |
|
Time Synchronization |
Configuration blocked. |
|
Timeout |
Configuration blocked. |
|
VPN |
Configuration blocked. |