Configuring the identity firewall, Information about the identity firewall, Overview of the identity firewall – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 36

Configuring the Identity Firewall

This chapter describes how to configure the ASA for the Identity Firewall. The chapter includes the
following sections:

Information About the Identity Firewall

Licensing for the Identity Firewall

Guidelines and Limitations

Prerequisites

Configuring the Identity Firewall

Monitoring the Identity Firewall

Feature History for the Identity Firewall

Information About the Identity Firewall

This section includes the following topics:

Overview of the Identity Firewall

Architecture for Identity Firewall Deployments

Features of the Identity Firewall

Deployment Scenarios

Cut-through Proxy and VPN Authentication

Overview of the Identity Firewall

In an enterprise, users often need access to one or more server resources. Typically, a firewall is not
aware of the users’ identities and, therefore, cannot apply security policies based on identity. To
configure per-user access policies, you must configure a user authentication proxy, which requires user
interaction (a user name/password query).

The Identity Firewall in the ASA provides more granular access control based on users’ identities. You
can configure access rules and security policies based on user names and user group names rather than
on source IP addresses. The ASA applies the security policies based on an association of IP
addresses to Windows Active Directory login information and reports events based on the mapped user
names instead of network IP addresses.
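The following Python sketch is an added conceptual model of the paragraph above, not ASA code or Cisco's implementation: it looks up the user for a source IP, matches rules written against user and group names, and reports the event by user name. The domain SAMPLE, all users, groups, addresses and rules are constructed, and first-match ordering with a default deny is an assumption of the model.

```python
# Conceptual model only: not ASA code. All names and sample data are constructed.
from dataclasses import dataclass
from typing import Optional

# IP-to-user associations, as would be learned from Active Directory logins.
IP_TO_USER = {"10.1.1.20": "SAMPLE\\alice", "10.1.1.31": "SAMPLE\\bob"}
# User-to-group membership, as would be retrieved from the directory.
USER_GROUPS = {"SAMPLE\\alice": {"SAMPLE\\engineering"},
               "SAMPLE\\bob": {"SAMPLE\\marketing"}}

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    dest: str                    # destination server IP
    user: Optional[str] = None   # match one user name
    group: Optional[str] = None  # match any member of a user group

# Assumption of this model: ordered rules, first match wins, default deny.
RULES = [
    Rule("deny", "10.2.0.5", user="SAMPLE\\bob"),
    Rule("permit", "10.2.0.5", group="SAMPLE\\engineering"),
    Rule("permit", "10.2.0.9", group="SAMPLE\\marketing"),
]

def evaluate(src_ip, dest_ip):
    """Return (action, event) for one connection attempt."""
    user = IP_TO_USER.get(src_ip)          # None when no login is mapped
    groups = USER_GROUPS.get(user, set())
    action = "deny"                        # used when no rule matches
    for rule in RULES:
        if rule.dest != dest_ip:
            continue
        by_user = rule.user is not None and rule.user == user
        by_group = rule.group is not None and rule.group in groups
        if by_user or by_group:
            action = rule.action
            break
    # Events name the mapped user; fall back to the IP only when unmapped.
    subject = user if user else src_ip
    return action, f"{action} {subject} -> {dest_ip}"

if __name__ == "__main__":
    for src, dst in [("10.1.1.20", "10.2.0.5"), ("10.1.1.31", "10.2.0.5"),
                     ("10.1.1.31", "10.2.0.9"), ("10.9.9.9", "10.2.0.5")]:
        print(evaluate(src, dst)[1])
```

The last sample connection comes from an address with no login association, so no user or group rule can match it and the model denies it and reports the bare IP.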
