Using Active Directory Groups in Firewall Policy

Unanswered Question
Jan 11th, 2010
User Badges:


Am trying to undestand if I can use an ASA 5510 to set up firewall policies for AD Groups.

E.g. I have an AD group allowed_users that I want to allow access to the internet.

Can I integrate an ASA with my AD, and then create a Policy that allows this group access to port 80/443 to all external IPs?

I found help on the Cisco Site for Tunnel Groups, but that is not what I want.

Am a newbie/non-technical evaluator and would appreciate any pointers.



Jogged this thread on 20 Jan. Hope to receive some expert advise on this now :-)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
solpandor Mon, 01/11/2010 - 08:40
User Badges:


i dont think you can do it that way -  (experts pls correct if im wrong)

are your AD groups on different subnets? if so then you can do it via ACL where you create and access list for the subnet you want to allow all access and then deny the rest


karthik_rao Mon, 01/11/2010 - 08:47
User Badges:

Hi Solpandor,

I cannot use an ACL without a lot of re-design of my networks. I would also have to probably write AD Login scripts to change people's subnet.

Am specifically looking for Frewall Integration with AD.


This Discussion

Related Content