HTTP Access
You can enable the HTTPS server to provide a health check mechanism for a cloud load balancer, for example, for the threat defense virtual on AWS using an Application Load Balancer.
Other uses for HTTPS on the threat defense are not supported; for example, the threat defense does not have a web interface for configuration in this management mode.
This configuration only applies to data interfaces, including any you have configured as management-only. It does not apply to the dedicated Management interface. The Management interface is separate from the other interfaces on the device. It is used to set up and register the device to the management center. It has a separate IP address and static routing.
To use HTTPS, you do not need an access rule allowing the host IP address. You only need to configure HTTPS access according to this section.
You can only use HTTPS to a reachable interface; if your HTTPS host is located on the outside interface, you can only initiate a management connection directly to the outside interface.
Before you begin
- You cannot configure both HTTPS and the AnyConnect VPN module of Cisco Secure Client on the same interface for the same TCP port. For example, if you configure remote access SSL VPN on the outside interface, you cannot also open the outside interface for HTTPS connections on port 443. If you must configure both features on the same interface, use different ports. For example, open HTTPS on port 4443.
- You need network objects that define the hosts or networks you will allow to make HTTPS connections to the device. You can add objects as part of the procedure, but if you want to use object groups to identify a group of IP addresses, ensure that the groups needed in the rules already exist. Select to configure objects.
  Note: You cannot use the system-provided any network object group. Instead, use any-ipv4 or any-ipv6.
Procedure
Step 1 | Choose and create or edit the threat defense policy. |
Step 2 | Select HTTP Access. |
Step 3 | Check the Enable HTTP Server check box to enable the HTTP server. |
Step 4 | (Optional) Change the HTTP port. The default is 443. |
Step 5 | Identify the interfaces and IP addresses that allow HTTP connections. Use this table to limit which interfaces will accept HTTP connections, and the IP addresses of the clients who are allowed to make those connections. You can use network addresses rather than individual IP addresses. |
Step 6 | Click Save. You can now go to and deploy the policy to assigned devices. The changes are not active until you deploy them. |
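
A pre-deployment check for the interface and address table built in Step 5, written as an added example (not Cisco code and not a management center API). The object names, the remote access VPN listener set, and the 1024-address threshold are assumptions, and all sample data is constructed.

```python
import ipaddress

# Constructed sample data; names are hypothetical, not a management center export format.
OBJECTS = {
    "alb-subnet-a": ["10.0.1.0/24"],
    "any-ipv4": ["0.0.0.0/0"],
    "any-ipv6": ["::/0"],
}
# (interface, TCP port) pairs already used by remote access SSL VPN (assumed inventory).
RA_VPN_LISTENERS = {("outside", 443)}


def audit_http_access(port, rows, objects=OBJECTS, vpn=RA_VPN_LISTENERS, max_addresses=1024):
    """Return (severity, message) findings for a planned HTTP Access table.

    port: HTTPS server port from Step 4.
    rows: list of (interface_name, network_object_name) from Step 5.
    """
    findings = []
    # HTTPS and remote access SSL VPN cannot share an interface and TCP port.
    for iface in sorted({i for i, _ in rows}):
        if (iface, port) in vpn:
            findings.append(("error", f"{iface}: TCP/{port} is already used by "
                             "remote access SSL VPN; use a different port"))
    for iface, obj in rows:
        if obj == "any":
            # The system-provided 'any' group is not accepted here.
            findings.append(("error", f"{iface}: use any-ipv4 or any-ipv6, not 'any'"))
            continue
        if obj not in objects:
            findings.append(("error", f"{iface}: object '{obj}' does not exist yet"))
            continue
        for cidr in objects[obj]:
            net = ipaddress.ip_network(cidr, strict=False)
            # Assumed policy: a health-check allow-list should be a few subnets.
            if net.num_addresses > max_addresses:
                findings.append(("warn", f"{iface}: {obj} ({net}) admits "
                                 f"{net.num_addresses} addresses; narrow it to "
                                 "the load balancer subnets"))
    return findings


if __name__ == "__main__":
    plan = [("outside", "any"), ("outside", "any-ipv4"), ("inside", "alb-subnet-a")]
    for severity, message in audit_http_access(443, plan):
        print(f"[{severity}] {message}")
```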