
Cisco ASA 5506-X Configuration Manual page 319


Chapter 14
ASA and Cisco Cloud Web Security
You can determine if a user's traffic is being redirected to the proxy servers by accessing the following
URL from the client machine. The page will show a message indicating whether the user is currently
using the service.
http://Whoami.scansafe.net
Examples for Cisco Cloud Web Security
Following are some examples for configuring Cloud Web Security.
Cloud Web Security Example with Identity Firewall
The following example shows a complete configuration for Cisco Cloud Web Security in single context
mode, including the optional configuration for identity firewall.
Step 1
Configure Cloud Web Security on the ASA.
hostname(config)# scansafe general-options
hostname(cfg-scansafe)# server primary ip 192.168.115.225
hostname(cfg-scansafe)# retry-count 5
hostname(cfg-scansafe)# license 366C1D3F5CE67D33D3E9ACEC265261E5
Step 2
Configure identity firewall settings.
Because groups are a key feature of ScanCenter policies, you should consider enabling the identity
firewall if you are not already using it. However, identity firewall is optional. The following example
shows how to define the Active Directory (AD) server, the AD agent, configure identity firewall settings,
and enable the user identity monitor for a few groups.
aaa-server AD protocol ldap
aaa-server AD (inside) host 192.168.116.220
server-port 389
ldap-base-dn DC=ASASCANLAB,DC=local
ldap-scope subtree
ldap-login-password *****
ldap-login-dn cn=administrator,cn=Users,dc=asascanlab,dc=local
server-type microsoft
aaa-server adagent protocol radius
ad-agent-mode
aaa-server adagent (inside) host 192.168.116.220
key *****
user-identity domain ASASCANLAB aaa-server AD
user-identity default-domain ASASCANLAB
user-identity action netbios-response-fail remove-user-ip
user-identity poll-import-user-group-timer hours 1
user-identity ad-agent aaa-server adagent
user-identity user-not-found enable
user-identity monitor user-group ASASCANLAB\\GROUP1
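A configuration check for the Step 2 directory settings, as an added example that is not part of the Cisco guide: it parses the aaa-server blocks and flags an LDAP host that lacks `ldap-over-ssl enable` and a bind DN that is the built-in administrator account. The function names and the indented sample (constructed from the Step 2 commands) are assumptions.

```python
import re

# Constructed sample: the aaa-server part of Step 2, indented as in a running config.
SAMPLE = """\
aaa-server AD protocol ldap
aaa-server AD (inside) host 192.168.116.220
 server-port 389
 ldap-base-dn DC=ASASCANLAB,DC=local
 ldap-scope subtree
 ldap-login-password *****
 ldap-login-dn cn=administrator,cn=Users,dc=asascanlab,dc=local
 server-type microsoft
aaa-server adagent protocol radius
 ad-agent-mode
aaa-server adagent (inside) host 192.168.116.220
 key *****
user-identity domain ASASCANLAB aaa-server AD
"""

def parse_aaa_servers(config):
    """Return {group: {"protocol": str, "hosts": {ip: [host subcommands]}}}."""
    groups, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        grp = re.match(r"aaa-server (\S+) protocol (\S+)$", line)
        host = re.match(r"aaa-server (\S+) \((\S+)\) host (\S+)$", line)
        if grp:
            groups[grp.group(1)] = {"protocol": grp.group(2), "hosts": {}}
            current = None
        elif host and host.group(1) in groups:
            current = groups[host.group(1)]["hosts"].setdefault(host.group(3), [])
        elif line.startswith(("aaa-server ", "user-identity ")):
            current = None  # a new top-level command ends the host block
        elif current is not None and line:
            current.append(line)
    return groups

def audit(config):
    """Return (group, host, finding) tuples for LDAP server hosts."""
    findings = []
    for name, grp in parse_aaa_servers(config).items():
        for ip, subs in (grp["hosts"].items() if grp["protocol"] == "ldap" else []):
            if "ldap-over-ssl enable" not in subs:
                findings.append((name, ip, "no 'ldap-over-ssl enable': LDAP traffic to this server is not TLS-protected"))
            dn = next((s.split(None, 1)[1] for s in subs if s.startswith("ldap-login-dn ")), "")
            if re.match(r"cn=administrator\b", dn, re.I):
                findings.append((name, ip, "ldap-login-dn is the built-in administrator; use a dedicated low-privilege bind account"))
    return findings
```

Calling `audit(SAMPLE)` returns both findings for the AD server at 192.168.116.220.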
Number of HTTP connections dropped because of errors: 0
Number of HTTPS connections dropped because of errors: 0
show conn scansafe
Shows all Cloud Web Security connections, as noted by the capital Z flag.
Cloud Web Security Example with Identity Firewall, page 14-15
Active Directory Integration Example for Identity Firewall, page 14-17
Cisco ASA Series Firewall CLI Configuration Guide
