Cisco ASA firewall operator

Krasnoperov — Mon, 11 Mar 2019 23:12:38 GMT

Hi,

I have an ASA 5585, I need to create user that have can only add, remove ,change rules in firewall section in ASDM, for other sections just read-only rights.

Anyone have this experience?

thanks

Cisco ASA firewall operator

Jennifer Halim — Mon, 28 May 2012 11:40:46 GMT

You can't unfortunately specify just the firewall section for read/write access.

You can configure command authorization for specific command that you would like read/write access, however, in your case, the command would be access-list and access-list can belong to different section, ie: firewall, NAT, VPN, etc.

If you are interested, here is the document on command authorization for you reference:

http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/access_management.html#wp1145888

Otherwise, the ASA only have 3 level of privileges:

- Admin (privilege level 15, with full access to all CLI commands;

- Read Only (privilege level 5, with read-only access); and

- Monitor Only (privilege level 3, with access to the Monitoring section only).

topic Cisco ASA firewall operator in Network Security

Cisco ASA firewall operator

Cisco ASA firewall operator