Help Requested - Start Before Login - With Guidelines
I'm trying to enable start before login with the following constraints and finding it difficult...
SBL profile should not be visible to user when in user context of OS or should be the same profile.
Clientless users must not be prompted for a certificate.
Usernames must be prefilled from certificate for user context connections.
So I figured I could build a unified client profile for users then on auth I could pass back a different connection profile via RADIUS that I could setup to allow different levels of access based on machine cert + user auth vs user cert + user auth. Then there wouldn't be a different user experience on available profiles, that would satisfy #1.
At first I thought I'd do a simple cert map, but this violated #2, as unmanaged devices started getting prompted for certificates.
Then I thought I could play with a lua script to kick back a username if it was a user cert or prompt for the user name if it was a machine cert, asa didn't seem to like returning a nil value, and an empty string didn't help either. Maybe I did it wrong?
Join us live on Tuesday, July 16 at 10 am PT to learn how integration and automation are the key to successful security designs. We’ll answer questions about Threat Response and also do a quick demo of our browser plugin and our latest integration wi...
Hello and welcome to the repository for the Monthly Webinar Series put together by our Desert Plains Operation Security Architecture team.
Our sessions are NOT recorded -- however you'll find historical slide decks attached as well as futu...
In June we have had new additions to our growing list of Machine-Learning-powered Confirmed Threat detections provided by the Cognitive Intelligence engine. Thanks to the improvement made to our Machine Learning backend (see Machine Learning Backend Impro...
Scenario where Site-to-Site VPN created between Cisco ASA and Cisco FTD with NAT requirement.ASA OS Version: Cisco Adaptive Security Appliance Software Version 9.6(1) FTDv: Cisco Firepower Threat Defense for VMWare (75) Version 6.2.0 (Build 363)CSR10...
Dear Cisco Customers,
Earlier this year, we launched Cisco Identity Services Engine 2.6 that delivers great strides in capability, scalability, and performance. We also introduced all-new, high-performance Secure Network Server appliances...