Configuring An Internal Group Policy - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Group Policies

Configuring an Internal Group Policy

To configure an internal group policy, specify a name and type for the group policy:
hostname(config)# group-policy group_policy_name type
hostname(config)#
For example, the following command creates the internal group policy named GroupPolicy1:
hostname(config)# group-policy GroupPolicy1 internal
hostname(config)#
The default type is internal.
You can initialize the attributes of an internal group policy to the values of a preexisting group policy by
appending the keyword from and specifying the name of the existing policy:
hostname(config)# group-policy group_policy_name internal from group_policy_name
hostname(config-group-policy)#
hostname(config-group-policy)#
Configuring Group Policy Attributes
For internal group policies, you can specify particular attribute values. To begin, enter group-policy
attributes mode by entering the group-policy attributes command in global configuration mode:
hostname(config)# group-policy name attributes
hostname(config-group-policy)#
The prompt changes to indicate the mode change. The group-policy-attributes mode lets you configure
attribute-value pairs for a specified group policy. In group-policy-attributes mode, explicitly configure
the attribute-value pairs that you do not want to inherit from the default group. The commands to do this
are described in the following sections.
Configuring WINS and DNS Servers
You can specify primary and secondary WINS servers and DNS servers. The default value in each case
is none. To specify these servers, do the following steps:
Step 1  Specify the primary and secondary WINS servers:
hostname(config-group-policy)# wins-server value {ip_address [ip_address] | none}
hostname(config-group-policy)#
The first IP address specified is that of the primary WINS server. The second (optional) IP address is
that of the secondary WINS server. Specifying the none keyword instead of an IP address sets WINS
servers to a null value, which allows no WINS servers and prevents inheriting a value from a default or
specified group policy.
Every time that you enter the wins-server command, you overwrite the existing setting. For example, if
you configure WINS server x.x.x.x and then configure WINS server y.y.y.y, the second command
overwrites the first, and y.y.y.y becomes the sole WINS server. The same is true for multiple servers. To
add a WINS server rather than overwrite previously configured servers, include the IP addresses of all
WINS servers when you enter this command.
The following example shows how to configure WINS servers with the IP addresses 10.10.10.15 and
10.10.10.30 for the group policy named FirstGroup:
Cisco Security Appliance Command Line Configuration Guide
30-34
Chapter 30
Configuring Tunnel Groups, Group Policies, and Users
OL-10088-01
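
The overwrite, none, and inheritance rules for wins-server described above can be checked mechanically when reviewing a configuration. The following Python code is an added example, not part of the Cisco guide: the sample command sequence is constructed, the function names are hypothetical, and DfltGrpPolicy is assumed to be the name of the default group policy.

```python
import ipaddress

# Constructed command sequence (not from a real device); indentation marks attributes mode.
SAMPLE = """\
group-policy DfltGrpPolicy attributes
 wins-server value 10.10.10.15
group-policy FirstGroup internal
group-policy FirstGroup attributes
 wins-server value 10.10.10.15
 wins-server value 10.10.10.30
group-policy Contractors internal from FirstGroup
group-policy NoWins internal
group-policy NoWins attributes
 wins-server value none
group-policy Inheriting internal
"""

def parse_wins(config):
    """Return {policy: [WINS IPs]}; policies with no explicit setting are absent."""
    explicit, current = {}, None
    for raw in config.splitlines():
        tok = raw.split()
        if tok[:1] == ["group-policy"] and len(tok) >= 3:
            name, kind = tok[1], tok[2]
            current = name if kind == "attributes" else None
            # "internal from <existing>" initializes the new policy from the source
            if kind == "internal" and tok[3:4] == ["from"] and len(tok) == 5:
                if tok[4] in explicit:
                    explicit[name] = list(explicit[tok[4]])
        elif current and tok[:2] == ["wins-server", "value"]:
            args = tok[2:]
            if args == ["none"]:
                explicit[current] = []  # null value: no servers, blocks inheritance
            elif 1 <= len(args) <= 2:
                # each command replaces the previous setting; it never appends
                explicit[current] = [str(ipaddress.ip_address(a)) for a in args]
            else:
                raise ValueError(f"bad wins-server line: {raw!r}")
        elif raw and not raw.startswith(" "):
            current = None  # any other top-level command leaves attributes mode
    return explicit

def effective_wins(config, policy, default_policy="DfltGrpPolicy"):
    """Resolve the WINS servers a policy ends up with after inheritance."""
    explicit = parse_wins(config)
    if policy in explicit:
        return explicit[policy]
    return explicit.get(default_policy, [])  # the documented default is none
```

FirstGroup resolves to 10.10.10.30 only, because the second wins-server command replaced the first; NoWins resolves to an empty list even though the default policy names a server.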

This manual is also suitable for:

Pix 500 series, Cisco ASA 5500 series