Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 29 Common Tasks
How to Create Access Policies that Apply to Active Directory User Groups
You might want to grant different levels of access control to different users. For example, you might need to allow marketing users to access partner websites, but block engineering users from accessing partner sites. When users are authenticated against an authentication server, such as Microsoft Active Directory, and the authentication server has different user groups defined, you can create different policies for different user groups.

In this task, you will create two Access Policies that apply to users in different Active Directory user groups. One policy will be for Marketing users and the other for Engineering users.

This task assumes that an NTLM authentication realm is defined on the Web Security appliance that references an Active Directory server with configured user groups.

To create Access Policies that apply to different Active Directory user groups:
Step 1  Navigate to the Web Security Manager > Identities page.
Step 2  Click Add Identity.
Step 3  In the Name field, enter a name for this policy, such as NTLMUsers.
Step 4  In the Insert Above field, verify this Identity is below all other Identities that do not require authentication.
Step 5  In the Define Members by Authentication section, choose “Require Authentication” from the drop-down menu.
Step 6  In the Select a Realm or Sequence field, choose the NTLM authentication realm already defined on the appliance.
Step 7  In the Define Members by Protocol section, choose “HTTP/HTTPS Only.” This is because authentication is not supported with native FTP transactions.
Step 8  Use the default values for all other settings, or optionally, change them as needed by your organization.
Step 9  Click Submit.
Step 10  Navigate to the Web Security Manager > Access Policies page.
Step 11  Click Add Policy.
Step 12  In the Policy Name field, enter a name for this policy, such as MarketingPolicy.
Step 13  In the Identities and Users field, choose “Select One or More Identities.”
Step 14  In the Identity field, select the Identity created in .
Step 15  Under Authorized Users and Groups for the NTLM authentication realm, choose “Selected Groups and Users” and then click the link next to “Groups.”
Step 16  On the Access Policies: Policy “PolicyName”: Edit Groups page, add user groups to the Authorized Groups section. You can do this using any of the following methods:
  • Select a user group in the directory search list window and either double-click or click Add.
  • Type the entire group name in the Directory Search window, and after the search is complete, click Add. This allows you to enter groups that do not appear in the directory search list, such as groups that belong to a trusted domain or groups that are not yet available in the directory.
Step 17  Click Done.
Step 18  Click Submit.
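The following Python sketch is an added example, not AsyncOS code or part of the original guide. It models which Access Policy a request lands in once the procedure above is complete, including cases the steps do not spell out: a user in both groups, a user in neither group, and native FTP. It assumes top-down, first-match evaluation; the names EngineeringPolicy, the AD group names, and the allow/block action field are assumptions made for the illustration.

```python
"""Simplified model of group-based Access Policy selection (illustrative only)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Identity:
    name: str
    requires_auth: bool
    protocols: frozenset        # protocols accepted under "Define Members by Protocol"

@dataclass(frozen=True)
class AccessPolicy:
    name: str
    identity: str               # Identity selected in the policy
    groups: frozenset           # Authorized Groups from the NTLM realm
    partner_sites: str          # assumed action for the example: "allow" or "block"

# Constructed configuration mirroring the procedure; group names are assumptions.
IDENTITIES = [Identity("NTLMUsers", True, frozenset({"http", "https"}))]
POLICIES = [
    AccessPolicy("MarketingPolicy", "NTLMUsers", frozenset({"Marketing"}), "allow"),
    AccessPolicy("EngineeringPolicy", "NTLMUsers", frozenset({"Engineering"}), "block"),
]
GLOBAL_POLICY = "Global Policy"  # default policy when no group policy matches

def select_policy(protocol, user_groups, identities=IDENTITIES, policies=POLICIES):
    """Return (identity_name, policy_name) for one request.

    user_groups: set of AD groups of the authenticated user, or None when
    the client has not authenticated.
    """
    ident = next((i for i in identities if protocol in i.protocols), None)
    if ident is None:
        return (None, GLOBAL_POLICY)           # native FTP never matches NTLMUsers
    if ident.requires_auth and user_groups is None:
        return (ident.name, "AUTH_REQUIRED")   # client must authenticate first
    for pol in policies:                       # table order decides overlaps
        if pol.identity == ident.name and pol.groups & user_groups:
            return (ident.name, pol.name)
    return (ident.name, GLOBAL_POLICY)         # authenticated, but in neither group

def partner_site_action(policy_name, policies=POLICIES):
    """Partner-site action of the selected policy, or None if it sets none."""
    return next((p.partner_sites for p in policies if p.name == policy_name), None)
```

Under these assumptions, a user who belongs to both groups gets whichever policy is listed first, so the order of the two policies in the table decides whether that user can reach partner sites.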