Cisco ASA 5512-X Configuration Guide

Cisco ASA 5512-X
428 pages
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 8 ASA and Cisco Cloud Web Security
Number of HTTP connections dropped because of errors: 0
Number of HTTPS connections dropped because of errors: 0
• show conn scansafe
Shows all Cloud Web Security connections, as noted by the capital Z flag.
You can determine if a user’s traffic is being redirected to the proxy servers by accessing the following
URL from the client machine. The page will show a message indicating whether the user is currently
using the service.
http://Whoami.scansafe.net
Examples for Cisco Cloud Web Security
Following are some examples for configuring Cloud Web Security.
• Cloud Web Security Example with Identity Firewall, page 8-15
• Active Directory Integration Example for Identity Firewall, page 8-17
Cloud Web Security Example with Identity Firewall
The following example shows a complete configuration for Cisco Cloud Web Security in single context
mode, including the optional configuration for identity firewall.
Step 1 Configure Cloud Web Security on the ASA.
hostname(config)# scansafe general-options
hostname(cfg-scansafe)# server primary ip 192.168.115.225
hostname(cfg-scansafe)# retry-count 5
hostname(cfg-scansafe)# license 366C1D3F5CE67D33D3E9ACEC265261E5
Step 2 Configure identity firewall settings.
Because groups are a key feature of ScanCenter policies, you should consider enabling the identity
firewall if you are not already using it. However, identity firewall is optional. The following example
shows how to define the Active Directory (AD) server, the AD agent, configure identity firewall settings,
and enable the user identity monitor for a few groups.
aaa-server AD protocol ldap
aaa-server AD (inside) host 192.168.116.220
 server-port 389
 ldap-base-dn DC=ASASCANLAB,DC=local
 ldap-scope subtree
 ldap-login-password *****
 ldap-login-dn cn=administrator,cn=Users,dc=asascanlab,dc=local
 server-type microsoft
aaa-server adagent protocol radius
 ad-agent-mode
aaa-server adagent (inside) host 192.168.116.220
 key *****
user-identity domain ASASCANLAB aaa-server AD
user-identity default-domain ASASCANLAB
user-identity action netbios-response-fail remove-user-ip
user-identity poll-import-user-group-timer hours 1
user-identity ad-agent aaa-server adagent
user-identity user-not-found enable
user-identity monitor user-group ASASCANLAB\\GROUP1
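
The LDAP server definition in Step 2 binds on port 389 with the built-in administrator DN. The check below is an added example, not part of the Cisco guide: it reads an ASA configuration and flags LDAP servers that bind without LDAP over SSL or SASL, or that bind as the administrator account. STEP2 and HARDENED are constructed excerpts, and the account name svc-asa-ldap is hypothetical.

```python
import re

# Constructed input: excerpt of the LDAP server definition from Step 2 above.
STEP2 = """\
aaa-server AD protocol ldap
aaa-server AD (inside) host 192.168.116.220
 server-port 389
 ldap-login-password *****
 ldap-login-dn cn=administrator,cn=Users,dc=asascanlab,dc=local
 server-type microsoft
"""
# Constructed counterpart: LDAP over SSL and a dedicated bind account.
# The account name svc-asa-ldap is hypothetical.
HARDENED = """\
aaa-server AD protocol ldap
aaa-server AD (inside) host 192.168.116.220
 server-port 636
 ldap-over-ssl enable
 ldap-login-password *****
 ldap-login-dn cn=svc-asa-ldap,cn=Users,dc=asascanlab,dc=local
 server-type microsoft
"""

PROTO = re.compile(r"^aaa-server (\S+) protocol (\S+)")
HOST = re.compile(r"^aaa-server (\S+) \(\S+\) host (\S+)")

def ldap_hosts(config):
    """Collect each LDAP 'aaa-server ... host' entry with its subcommands."""
    protocols, hosts, current = {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := PROTO.match(line):
            protocols[m.group(1)] = m.group(2).lower()
            current = None
        elif m := HOST.match(line):
            current = {"group": m.group(1), "host": m.group(2), "opts": {}}
            hosts.append(current)
        elif current is not None and line:
            # Lines are matched by keyword, not indentation, so a config
            # whose leading spaces were lost in extraction parses the same.
            key, _, value = line.partition(" ")
            current["opts"][key] = value
    return [h for h in hosts if protocols.get(h["group"]) == "ldap"]

def audit(config):
    """Return (host, finding) pairs for the LDAP servers in an ASA config."""
    findings = []
    for h in ldap_hosts(config):
        opts = h["opts"]
        # Without LDAP over SSL or a SASL mechanism the bind is sent in plain text.
        if opts.get("ldap-over-ssl") != "enable" and "sasl-mechanism" not in opts:
            findings.append((h["host"], "cleartext-bind"))
        # The ASA only needs directory read access, not the built-in administrator.
        if opts.get("ldap-login-dn", "").lower().startswith("cn=administrator,"):
            findings.append((h["host"], "administrator-bind-dn"))
    return findings
```

Calling audit(STEP2) reports both findings for 192.168.116.220, and audit(HARDENED) reports none.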
