Identity Firewall; About The Identity Firewall - Cisco ASA Series Configuration Manual

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance
Identity Firewall

Cisco ASA Series Firewall CLI Configuration Guide, Chapter 5, page 5-1

This chapter describes how to configure the ASA for the Identity Firewall.

About the Identity Firewall, page 5-1
Guidelines for the Identity Firewall, page 5-7
Prerequisites for the Identity Firewall, page 5-9
Configure the Identity Firewall, page 5-10
Examples for the Identity Firewall, page 5-19
History for the Identity Firewall, page 5-22

About the Identity Firewall

In an enterprise, users often need access to one or more server resources. Typically, a firewall is not aware of the users' identities and therefore cannot apply security policies based on identity. To configure per-user access policies, you must configure a user authentication proxy, which requires user interaction (a username/password query).

The Identity Firewall in the ASA provides more granular access control based on users' identities. You can configure access rules and security policies based on user names and user group names rather than source IP addresses. The ASA applies the security policies based on an association of IP addresses to Windows Active Directory login information and reports events based on the mapped usernames instead of network IP addresses.

The Identity Firewall integrates with Microsoft Active Directory in conjunction with an external Active Directory (AD) Agent that provides the actual identity mapping. The ASA uses Windows Active Directory as the source to retrieve the current user identity information for specific IP addresses and allows transparent authentication for Active Directory users.

Identity-based firewall services enhance the existing access control and security policy mechanisms by allowing users or groups to be specified in place of source IP addresses. Identity-based security policies can be interleaved without restriction between traditional IP address-based rules.

The key benefits of the Identity Firewall include:

- Decoupling network topology from security policies
- Simplifying the creation of security policies
- Providing the ability to easily identify user activities on network resources
- Simplifying user activity monitoring
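As an added illustration that is not taken from the guide, the following ASA access list interleaves identity-based entries with traditional IP-based entries in one list, as the text describes. The domain nickname SAMPLE, the user and group names, the interface name and all addresses are assumed placeholders, and the domain is assumed to be already defined on the ASA before these rules can match.

```text
access-list INSIDE_IN remark Added example; SAMPLE, jsmith, Engineering and addresses are placeholders
access-list INSIDE_IN remark IP-based rule: every inside host may query the DNS server
access-list INSIDE_IN extended permit udp any host 10.1.1.53 eq domain
access-list INSIDE_IN remark Identity-based rule: only the Engineering group reaches the code server,
access-list INSIDE_IN remark whichever host the user is logged in from; hits are logged by username
access-list INSIDE_IN extended permit tcp user-group SAMPLE\\Engineering any host 10.1.1.20 eq 443 log
access-list INSIDE_IN remark Identity-based rule for a single user
access-list INSIDE_IN extended permit tcp user SAMPLE\jsmith any host 10.1.1.30 eq 22 log
access-list INSIDE_IN remark IP-based rule placed after the identity rules: everyone else is denied
access-list INSIDE_IN extended deny ip any host 10.1.1.20 log
access-list INSIDE_IN extended permit ip any any
access-group INSIDE_IN in interface inside
```

Because entries are evaluated in order, the group-based permit above the IP-based deny is what lets Engineering members through while all other sources to 10.1.1.20 are dropped.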
