13-11
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 13 Managing Identity-Aware Firewall Policies
Configuring Identity-Aware Firewall Policies
From the Identity Settings Security Manager Administration page, click the Add or Edit buttons for the settings table. These settings determine which servers are used when you use Find to locate a user or user group name while configuring firewall rules or identity user group objects. See Identity Settings Page, page 11-26.
Field Reference
Identity Configuration Wizard Active Directory Settings
Use the Active Directory Settings page of the Identity Configuration wizard to identify the Active Directory (AD) servers for a NetBIOS domain. These settings are required to enable user-identity-aware firewall policies for users in the domain.
Navigation Path
Do one of the following:

• From the AD Setup tab of the Identity Options page, click the Configure Identity button. See Identifying Active Directory Servers and Agents, page 13-8.

• If the Identity Options policy is not already configured, you can start the wizard from the AAA Rules, Access Rules, or Inspection Rules policies by clicking the Select button for the User field and then clicking Yes when asked if you want to configure identity.
Table 13-2 Domain AD Server Dialog Box

Element: Domain
Description: The NetBIOS domain for this AD server group. The domain name can be up to 32 characters, typically in all uppercase. For example, if the user specification is DOMAIN\user1, DOMAIN is the NetBIOS domain name.

Element: AD Server Group
Description: The name of the AAA server group policy object that identifies the AD servers for this domain. The object must use the LDAP protocol. Click Select to select the object or to create a new one.

Element: Disable Rules When Server Is Down (Identity Options policy only.)
Description: Whether to disable all identity-aware firewall rules for this domain if the domain controller is down. If you select this option, all users for the domain are marked as disabled until the server becomes available.

Element: Update Administrative Settings (Identity Options policy only.)
Description: Whether to add the domain and server mapping to the Security Manager Administration Identity Settings page. This administrative page determines which AD servers are queried when you try to find users or user groups while adding them to firewall policies or to identity user group objects. For more information, see Identity Settings Page, page 11-26.