
How to enable user based ACL in Firewall without installing AD agent in the server?

orthicon2009
Level 1

Hello Guys,

I have a Cisco 5508-X firewall and would like to create user-based ACLs without installing the Cisco AD agent on our AD or domain controller servers.

I'd appreciate it if you can point me in the right direction.

Thanks,

Jack

1 Reply

Marvin Rhoads
Hall of Fame

Sorry, but user-based ACLs require the use of Context Directory Agent (CDA - successor to AD agent). There's no option to use locally defined users or other identity sources.

Note CDA isn't really actively maintained by Cisco. The last update was early 2019 when they added Server 2016 support with Patch 6.

https://www.cisco.com/c/en/us/td/docs/security/ibf/cda_10/release_notes/cda10_rn.html

That aside, it's pretty simple to set up and use:

https://www.cisco.com/c/en/us/td/docs/security/ibf/cda_10/Install_Config_guide/cda10.html

Cisco's current strategy is for customers to migrate to using Firepower Threat Defense (FTD) with ISE or ISE-PIC as the identity source.
