Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 67 Configuring Connection Profiles, Group Policies, and Users
Supporting a Zone Labs Integrity Server
Step 6
Command: zonelabs-integrity fail-open
Example:
hostname(config)# zonelabs-integrity fail-open
Purpose: Returns the configured VPN client connection fail state to the default and ensures that the client connections remain open.

Step 7
Command: zonelabs-integrity ssl-certificate-port cert-port-number
Example:
hostname(config)# zonelabs-integrity ssl-certificate-port 300
Purpose: Specifies that the Integrity server connects to port 300 (the default is port 80) on the ASA to request the server SSL certificate.

Step 8
Command: zonelabs-integrity ssl-client-authentication {enable | disable}
Example:
hostname(config)# zonelabs-integrity ssl-client-authentication enable
Purpose: While the server SSL certificate is always authenticated, also specifies that the client SSL certificate of the Integrity server be authenticated.

To set the firewall client type to the Zone Labs Integrity type, enter the following command:

Command: client-firewall {opt | req} zonelabs-integrity
Example:
hostname(config)# client-firewall req zonelabs-integrity
Purpose: For more information, see the “Configuring Firewall Policies” section on page 67-63. The command arguments that specify firewall policies are not used when the firewall type is zonelabs-integrity, because the Integrity server determines these policies.

Setting Client Firewall Parameters
Enter the following commands to set the appropriate client firewall parameters. You can configure only one instance of each command. Table 67-4 lists the syntax elements of these commands. For more information, see the “Configuring Firewall Policies” section on page 67-63.

Cisco Integrated Firewall

hostname(config-group-policy)# client-firewall {opt | req} cisco-integrated acl-in ACL acl-out ACL

Cisco Security Agent

hostname(config-group-policy)# client-firewall {opt | req} cisco-security-agent

No Firewall

hostname(config-group-policy)# client-firewall none
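
The following Python audit is an added example, not part of the Cisco guide: it reads running-config style text and reports, per group policy, how the client-firewall command documented above is set. The sample configuration, the policy and ACL names, and the audit function are constructed for illustration, and the check for zonelabs-integrity ssl-client-authentication enable assumes that an enabled setting appears as that line in the configuration text.

```python
import re

# Constructed sample in running-config style (not taken from the guide).
SAMPLE_CONFIG = """\
group-policy Employees attributes
 client-firewall req zonelabs-integrity
group-policy Contractors attributes
 client-firewall opt cisco-integrated acl-in FW_IN acl-out FW_OUT
group-policy Kiosk attributes
 client-firewall none
group-policy Legacy attributes
 vpn-idle-timeout 30
"""

GROUP = re.compile(r"group-policy\s+(\S+)\s+attributes$")
CLIENT_FW = re.compile(r"client-firewall\s+(?:(none)|(opt|req)\s+(\S+)(.*))$")
SSL_AUTH = "zonelabs-integrity ssl-client-authentication enable"

def audit(config):
    """Map each group policy to a list of findings about its client-firewall line."""
    lines = config.splitlines()
    ssl_auth = any(l.strip() == SSL_AUTH for l in lines)
    findings, group = {}, None
    for raw in lines:
        line = raw.strip()
        if not raw.startswith(" "):
            group = None            # a top-level line closes the attributes block
        m = GROUP.match(line)
        if m:
            group = m.group(1)
            findings[group] = ["client-firewall not set in this policy"]
            continue
        m = CLIENT_FW.match(line)
        if not (m and group):
            continue
        none, mode, fw_type, rest = m.groups()
        notes = []
        if none:
            notes.append("no firewall policy")
        elif mode == "opt":
            notes.append(f"{fw_type} is optional, not required")
        if fw_type == "zonelabs-integrity":
            if "acl-in" in rest or "acl-out" in rest:
                notes.append("ACL arguments are not used with zonelabs-integrity")
            if not ssl_auth:
                notes.append("zonelabs-integrity ssl-client-authentication not enabled")
        findings[group] = notes
    return findings
```

Calling audit(SAMPLE_CONFIG) returns a dictionary keyed by group-policy name; an empty list means the policy requires a firewall and nothing was flagged.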