Good afternoon
I configured the Cisco Prime Security Manager (PRSM), and i have already tried the Web Filter, Application Control, IPS and Malware with IP addresses. Now I'm trying to add policies with CX Identity Objects, I have configured and tested the Directory Realm, it's working because I got self completed the fields when create CX Identity Objects. Also i have configured an Identity Policy in passive mode (if I skip these step the validation of the user doesn't work).
When I create the CX Identity Object I fill the fields in the Include section as follows:
- Group with the corresponding group in my AD, left user field empty because I want to take all the users in the group and Identity objects has three options, Known Users which make reference to the users that are correctly identified, Unknown Users the opposite of known users, and empty in which case i guess it validate any user independently of his identity.
So I have three cases to create the CX Identity Object, Group corresponding to the AD group, user empty to take all the user in the group and the only field that changes is the Identity Object.
- When I select Known Users, all users match the first policy because all users are authenticated.
- When I select Unknow Users, any of my users match the corresponding policy and go to the Implicit Allow because they are authenticated.
- When I left the field empty all users match directly the Implict Allow.
So I want to know if I'm making something wrong or I'm missing something.
Please let me know if need something to help me with my problem, thanks a lot.
