https://community.cisco.com/t5/network-security/using-active-directory-groups-in-firewall-policy/m-p/1350622#M783449 <HTML><HEAD></HEAD><BODY><P>Hi Solpandor,</P><P>I cannot use an ACL without a lot of re-design of my networks. I would also have to probably write AD Login scripts to change people's subnet.</P><P>Am specifically looking for Frewall Integration with AD.<BR />Thanks</P></BODY></HTML> Mon, 11 Jan 2010 16:47:19 GMT karthik_rao 2010-01-11T16:47:19Z https://community.cisco.com/t5/network-security/using-active-directory-groups-in-firewall-policy/m-p/1350620#M783376 <P>Hi,</P><P>Am trying to undestand if I can use an ASA 5510 to set up firewall policies for AD Groups.</P><P>E.g. I have an AD group allowed_users that I want to allow access to the internet.</P><P>Can I integrate an ASA with my AD, and then create a Policy that allows this group access to port 80/443 to all external IPs?</P><P>I found help on the Cisco Site for Tunnel Groups, but that is not what I want.</P><P>Am a newbie/non-technical evaluator and would appreciate any pointers.</P><P>TIA</P><P>Kar</P><P>Jogged this thread on 20 Jan. Hope to receive some expert advise on this now <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 11 Mar 2019 16:55:53 GMT https://community.cisco.com/t5/network-security/using-active-directory-groups-in-firewall-policy/m-p/1350620#M783376 karthik_rao 2019-03-11T16:55:53Z https://community.cisco.com/t5/network-security/using-active-directory-groups-in-firewall-policy/m-p/1350621#M783413 <HTML><HEAD></HEAD><BODY><P>karthik</P><P></P><P>i dont think you can do it that way -&nbsp; (experts pls correct if im wrong)</P><P></P><P>are your AD groups on different subnets? if so then you can do it via ACL where you create and access list for the subnet you want to allow all access and then deny the rest</P><P></P><P></P><P>HTH</P></BODY></HTML> Mon, 11 Jan 2010 16:40:48 GMT https://community.cisco.com/t5/network-security/using-active-directory-groups-in-firewall-policy/m-p/1350621#M783413 SOL10 2010-01-11T16:40:48Z https://community.cisco.com/t5/network-security/using-active-directory-groups-in-firewall-policy/m-p/1350622#M783449 <HTML><HEAD></HEAD><BODY><P>Hi Solpandor,</P><P>I cannot use an ACL without a lot of re-design of my networks. I would also have to probably write AD Login scripts to change people's subnet.</P><P>Am specifically looking for Frewall Integration with AD.<BR />Thanks</P></BODY></HTML> Mon, 11 Jan 2010 16:47:19 GMT https://community.cisco.com/t5/network-security/using-active-directory-groups-in-firewall-policy/m-p/1350622#M783449 karthik_rao 2010-01-11T16:47:19Z