Cisco ASA Series Cli Configuration Manual page 881

Configuring the Identity Firewall
This chapter describes how to configure the ASA for the Identity Firewall. The chapter includes the
following sections:
•
•
•
•
•
•
•
Information About the Identity Firewall
This section includes the following topics:
•
•
•
•
Overview of the Identity Firewall
In an enterprise, users often need access to one or more server resources. Typically, a firewall is not
aware of the users' identities and, therefore, cannot apply security policies based on identity. To
configure per-user access policies, you must configure a user authentication proxy, which requires user
interaction (a user name/password query).
The Identity Firewall in the ASA provides more granular access control based on users' identities. You
can configure access rules and security policies based on user names and user groups name rather than
through source IP addresses. The ASA applies the security policies based on an association of IP
addresses to Windows Active Directory login information and reports events based on the mapped user
names instead of network IP addresses.
Information About the Identity Firewall, page 1-1
Licensing for the Identity Firewall, page 1-7
Guidelines and Limitations, page 1-7
Prerequisites, page 1-8
Configuring the Identity Firewall, page 1-9
Monitoring the Identity Firewall, page 1-21
Feature History for the Identity Firewall, page 1-24
Overview of the Identity Firewall, page 1-1
Architecture for Identity Firewall Deployments, page 1-2
Features of the Identity Firewall, page 1-3
Deployment Scenarios, page 1-4
1
C H A P T E R
Cisco ASA Series CLI Configuration Guide
1-1