This applies to single as well as multiple contexts. Total number of IPs per user in a domain - 8 IP addressesĪD Agent can support up to 100 client devices and 30 domain controller machines, and can internally cache up to 64,000 IP-to-user-identity mappings.ĪSA - The Identity Firewall supports defining only two AD-Agent hosts.
Total users supported - ASA5505 (1024 users), Other model ASAs support 64K users The following ASA features do not support using the identity-based object and FQDN:įeature is supported in all models of ASAs.įeature is supported in all modes of ASAs - transparent, routed, single and multiple-context mode.MAC address checking by the Identity Firewall does not work when intervening routers are present.A full URL as a destination address is not supported.SSL must be enabled on the Active Directory server. Windows 2003 R2 is not supported for the AD Agent server.ĪSA sends encrypted log in information to the Active Directory server by using SSL enabled over LDAP. Supported Windows servers include Windows 2003, Windows 2008, and Windows 2008 R2. Configure the AD Agent to communicate with the ASA. Additionally, you must configure the AD Agent to obtain information from the Active Directory servers. The AD Agent must be installed on a Windows server that is accessible to the ASA. The ASA must be running minimum 8.4.2 code to be able to configure IDFW feature. This configuration example is meant to be interpreted with the aid of the official documentation from the configuration guide located here: With Identity firewall, we can configure access-list and allow/restrict permission based on users and/or groups that exist in the Active Directory Domain.
0 kommentar(er)
