One of our clients wants to migrate from their Fortinet appliance (Fortigate 200A) to Cisco ASA and their main stumbling points is that they want to keep their current Internet access policy, namely control access to internet for various users. Let's say there's a list of allowed sites only which can be visited by regular users while the unlimited Internet access is allowed to administrators or managers only. Users are authenticated against the AD and then authorized with a Fortinet agent software.
Can such a thing or something similar be implemented with Cisco ASA and ACS network profiles? I don't know if URL filtering can be implemented with ACS either.