Cisco IronPort S370 authentication options

Answered Question
Apr 15th, 2014

We have a Cisco IronPort S370 web security appliance, and want to set it up so that it can authenticate users in our Active Directory and apply access policies to them.

I joined the appliance to the domain and added the authentication realm, but I don't see anywhere to specify groups from AD to create policies for. For instance, if I create some URL filtering policy, I want to be able to connect that back to a group in AD.

Anyone know how to do this?

Poonam Garg Wed, 04/16/2014 - 23:22

1. First check whether your WSA is integrated with AD successfully by using Test authentication realm settings; it should be successful.

2. Then go to Access policies --> New policy --> under policy member definition --> check the Selected groups and users radio button --> then click the No groups entered link to specify the AD group. Here you will find all AD groups; select your desired group and add it to the right pane.

HTH

"Please rate helpful posts"

Colin Higgins Thu, 04/17/2014 - 07:15

OK, step 1 works: the IronPort tests out fine against AD.

Step 2 is where I get stuck.

I go into Access Policies --> New Policy.

I give it a name like "Test" and then go to Policy Member Definition.

Below that is a pull-down menu with "Identities and Users" with the options "All Identities" and "Select One or More Identities".

I don't see a radio button or a "No groups entered" option.

Colin Higgins Thu, 04/17/2014 - 07:32

Ah, I think I found it: the group I was using had "no authentication required" in identities, and therefore did not show me everything.

Colin Higgins Thu, 04/17/2014 - 07:36

However, when I select "Selected Groups and Users" I only get the option to manually put in individual users such as DOMAIN\colin.

Shouldn't I be seeing more than this? How do I put in a group?

Correct Answer
Poonam Garg Thu, 04/17/2014 - 08:55

Under Identities and Users select option 'All Identities'

Beneath that you select "Selected Groups and Users"

Under that, click the "Groups: No groups entered" link.

Normally you must see Domain\group name

Colin Higgins Tue, 04/22/2014 - 08:24

The account that is used to create an account for the IronPort in AD must be an Enterprise Admin -- no other will work, even if those accounts have domain management credentials. Once we put these credentials in, we were able to fetch the users and groups.
