Cisco Cisco ASA 5555-X Adaptive Security Appliance
17
Release Notes for Cisco ASDM, Version 6.4(x)
New Features
New Features in ASA 8.4(2)/ASDM 6.4(5)
Released: June 20, 2011
lists the new features for ASA Version 8.4(2)/ASDM Version 6.4(5).
Troubleshooting Features
Regular expression
matching for the show asp
table classifier and show
asp table filter commands
matching for the show asp
table classifier and show
asp table filter commands
You can now enter the show asp table classifier and show asp table filter commands with a
regular expression to filter output.
regular expression to filter output.
We modified the following commands: show asp table classifier match regex, show asp table
filter match regex.
filter match regex.
ASDM does not support this command; enter the command using the Command Line Tool.
Also available in Version 8.2(5.13) and 8.3.2(25).
Table 8
New Features for ASA Interim Version 8.4(2.8)/ASDM Version 6.4(5.106) (continued)
Feature
Description
Table 9
New Features for ASA Version 8.4(2)/ASDM Version 6.4(5)
Feature
Description
Firewall Features
Identity Firewall
Typically, a firewall is not aware of the user identities and, therefore, cannot apply security
policies based on identity.
policies based on identity.
The Identity Firewall in the ASA provides more granular access control based on users’
identities. You can configure access rules and security policies based on usernames and user
groups name rather than through source IP addresses. The ASA applies the security policies
based on an association of IP addresses to Windows Active Directory login information and
reports events based on the mapped usernames instead of network IP addresses.
identities. You can configure access rules and security policies based on usernames and user
groups name rather than through source IP addresses. The ASA applies the security policies
based on an association of IP addresses to Windows Active Directory login information and
reports events based on the mapped usernames instead of network IP addresses.
The Identity Firewall integrates with Window Active Directory in conjunction with an external
Active Directory (AD) Agent that provides the actual identity mapping. The ASA uses
Windows Active Directory as the source to retrieve the current user identity information for
specific IP addresses.
Active Directory (AD) Agent that provides the actual identity mapping. The ASA uses
Windows Active Directory as the source to retrieve the current user identity information for
specific IP addresses.
In an enterprise, some users log onto the network by using other authentication mechanisms,
such as authenticating with a web portal (cut-through proxy) or by using a VPN. You can
configure the Identity Firewall to allow these types of authentication in connection with
identity-based access policies.
such as authenticating with a web portal (cut-through proxy) or by using a VPN. You can
configure the Identity Firewall to allow these types of authentication in connection with
identity-based access policies.
We introduced the following screens:
Configuration > Firewall > Identity Options.
Configuration > Firewall > Objects > Local User Groups
Monitoring > Properties > Identity
Configuration > Firewall > Objects > Local User Groups
Monitoring > Properties > Identity
We modified the following screen: Configuration > Device Management > Users/AAA > AAA
Server Groups > Add/Edit Server Group.
Server Groups > Add/Edit Server Group.