
Cisco ASA 5585 allow only domain-joined computers

Yasir Iqbal
Level 1

Dear All,

We have a Cisco ASA 5585-SSP-20 firewall. All our servers are behind the firewall. Would it be possible to allow only domain-joined clients to access the servers and deny access to those that are not domain joined?

1 Reply

Marvin Rhoads
Hall of Fame

If you integrate the firewall with an identity source this can be done with the use of the "identity firewall" features - essentially using user identity or AD group membership as part of an ACL.

Most of the documents are a bit dated and refer to AD agent or Context Directory Agent (CDA) as the identity source.

https://community.cisco.com/t5/security-documents/asa-idfw-identity-firewall-step-by-step-configuration/ta-p/3127806

AD Agent and CDA are mostly deprecated, and the current solution involves integration via Cisco Identity Services Engine (ISE) or the lightweight version of that, ISE-PIC (ISE Passive Identity Collector):

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/pic_admin_guide/PIC_admin24/PIC_admin_chapter_00.html
