cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1137
Views
0
Helpful
1
Replies

Cisco ASA firewall operator

Krasnoperov
Level 1
Level 1

Hi,

I have an ASA 5585, I need to create user that have can only add, remove ,change rules in firewall section in ASDM, for other sections just read-only rights.

Anyone have this experience?

thanks

1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

You can't unfortunately specify just the firewall section for read/write access.

You can configure command authorization for specific command that you would like read/write access, however, in your case, the command would be access-list and access-list can belong to different section, ie: firewall, NAT, VPN, etc.

If you are interested, here is the document on command authorization for you reference:

http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/access_management.html#wp1145888

Otherwise, the ASA only have 3 level of privileges:

- Admin (privilege level 15, with full access to all  CLI commands;

- Read Only (privilege level 5, with read-only access); and

- Monitor Only (privilege level 3, with access to the Monitoring section  only).

Review Cisco Networking for a $25 gift card