12-18-2014 11:42 AM - edited 03-11-2019 10:14 PM
I have been tasked with getting it so that our ASA rules have visibility to what user is hitting a rule (not necessarily to enforce rules that way, yet). I am not sure where to even start this process.
I see the "Identity Options" policy in CSM, which I am guessing is where to configure this, but I have no idea of the overall process. Anyone have a suggestion as to where to start, and/or if there is an overview document somewhere?
12-18-2014 12:52 PM
The identity firewall is pretty well documented in the config-guide:
You need the CDA for the Identity-firewall:
http://www.cisco.com/c/en/us/td/docs/security/ibf/cda_10/Install_Config_guide/cda10.html
12-18-2014 01:47 PM
Karsten, thanks. Those look like good links (they *work*, for sure...;^) and will be useful. I'll come back and mark this Correct as soon as I read them.
Thanks again.
12-19-2014 11:12 AM
Karsten, one thing we'll want is to test first, of course - do you happen to know if I can then specify "Any" for User/Group in a rule, and have the UserID and/or Group be in the log messages?
Thanks again.
12-19-2014 11:20 AM
"any" user or group is the default for all ACEs. When you configure the identity-firewall you don't need to change your rules directly. If the ASA knows the user-mapping, it will show this in the logs.
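To show what the two replies above amount to in practice (the config-guide pointers and the point that the ACEs stay at "any" user while the logs pick up the mapping), here is an added configuration sketch for the ASA side. It is not the poster's or Cisco's configuration: the domain name EXAMPLE, the server group names, the interface names and every IP address and password are placeholders, and the ASA 8.4(2)+ identity firewall commands are written from memory of the configuration guide, so confirm each one against the guide for your release before pasting it in.

```cisco
! --- Added example, not from the thread. All names, addresses and keys are placeholders. ---
! 1. LDAP server group: the ASA imports AD users and groups from here (needed only once you
!    start writing user/group-based ACEs, but the identity engine requires a domain mapping).
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 10.0.0.10
 ldap-base-dn dc=example,dc=com
 ldap-scope subtree
 ldap-login-dn cn=asa-ldap,cn=Users,dc=example,dc=com
 ldap-login-password <placeholder>
 server-type microsoft
!
! 2. AD agent (CDA) server group: the CDA learns logons from the domain controllers and
!    pushes IP-to-user mappings to the ASA over RADIUS.
aaa-server AD-AGENT protocol radius
 ad-agent-mode
aaa-server AD-AGENT (inside) host 10.0.0.20
 key <placeholder>
 user-identity
!
! 3. Tie the domain to the LDAP group, point the identity engine at the agent, and enable it.
user-identity domain EXAMPLE aaa-server AD-LDAP
user-identity default-domain EXAMPLE
user-identity ad-agent aaa-server AD-AGENT
user-identity enable
!
! Fail-open choice for a visibility-only rollout: if the agent goes down, user-based ACEs are
! ignored instead of traffic being blocked. Revisit this before identity is used for enforcement.
user-identity action ad-agent-down disable-user-identity-rule
!
! 4. The ACL itself does not change: "any" user is the implicit default on every ACE. The only
!    addition is "log", so that the 106100 hit message is generated; once the ASA knows a
!    mapping, the username is shown next to the source address in that message, e.g.
!    inside/10.1.5.7(51234)(EXAMPLE\jdoe) -> outside/203.0.113.10(443)
access-list INSIDE_IN extended permit ip any any log
access-group INSIDE_IN in interface inside
logging enable
logging trap informational
logging host inside 10.0.0.30
!
! 5. Verification (enable mode, not config mode): is the agent reachable, and what mappings
!    does the ASA currently hold?
!    test aaa-server ad-agent AD-AGENT
!    show user-identity ad-agent
!    show user-identity user all
!    show user-identity statistics
```

The useful check during the test phase is step 5: if `show user-identity user all` lists the expected workstations with usernames, the 106100 log lines for those sources should carry the user as well; if it is empty, the problem is on the CDA/domain-controller side (logon events not being read) rather than in the ACL.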
12-19-2014 02:31 PM
Excellent, thanks.