Solved: ASDM access-list

adamgibs7 · ‎05-09-2018

Dears,

I have been seeing the user option in ASDM gui as per the attached , how I can utilize that, for example it will act as a source and destination with a particular user grant him access or else block him, do we have any single sign on option like fortigate so that users are authenticated while windows login.

thanks

Rob Ingram · ‎05-22-2018

This document describes the difference between ISE and ISE-PIC, it's basically a cut down version of ISE. Refer to the document as it clearly list what functionality is or is not supported in PIC.

No I do not believe you can use pxgrid with fortinet.

View solution in original post

Rob Ingram · ‎05-09-2018

Hi,

I think this is exactly what you are looking for, this uses the ASA AD Agent, however I don't think the AD agent is supported any longer. You could achieve the same result by integrating with ISE, sending trustsec tags from ISE to ASA using SXP and then create a rule from source TrustSec SGT.

HTH

adamgibs7 · ‎05-11-2018

Dear RJI

thanks for the reply,

If anybody don't have ISE then will it work with CDA.??

Thanks

Florin Barhala · ‎05-11-2018

As mentioned CDA is phased out. Would you really aim to work with an obsolete software that basically controls your network access and your business flow?
Do you already have it bought (CDA)?

How many users you have behind this firewall: 100+, 500+?

adamgibs7 · ‎05-11-2018

from the links provided what I understand is AD user agent is different than the context directory Agent, and context directory agent are still supported please correct me if I m wrong.

adamgibs7 · ‎05-15-2018

Dears

Any update experts, the thoughts are correct ??? the CDA is just updated in 2017

Rob Ingram · ‎05-15-2018

Hi,

I can't find much information regarding this, but I did find this post which indicates CDA is dead and potentially ISE PIC will replace it. So CDA might not officially be EOL but it may well be soon.

adamgibs7 · ‎05-19-2018

thanks for the reply,

so what I understand is ISE-PIC is different software than a cisco ISE ??

As instructed the replacement is trust sec does ISE supports trust sec with fortigate devices if they are been deployed as a datacenter firewalls.

thanks

adamgibs7 · ‎05-22-2018

Dears,

please correct me if im wrong. also please answer the below query.

thanks

Rob Ingram · ‎05-22-2018

This document describes the difference between ISE and ISE-PIC, it's basically a cut down version of ISE. Refer to the document as it clearly list what functionality is or is not supported in PIC.

No I do not believe you can use pxgrid with fortinet.

adamgibs7 · ‎05-23-2018

thanks RJI, +5 to you.

fortigate firewall has FSSO in build on the OS of the fortigate, we don't have to install a ISE-PIC stuff, cisco has made very complicate things for the very simple feature, In fortigate when we create a access-list we see the object group, services, and users as well. it is very simple to configure access policies with users in fortigate firewall.

Thanks