
Cisco IronPort S370 authentication options

Colin Higgins
Level 2

We have a Cisco IronPort S370 web security appliance, and want to set it up so that it can authenticate users in our Active Directory and apply access policies to them.

I joined the appliance to the domain and added the authentication realm, but I don't see anywhere to specify groups from AD to create policies for. For instance, if I create some URL filtering policy, I want to be able to connect that back to a group in AD.

Anyone know how to do this?

1 Accepted Solution

Under Identities and Users select option 'All Identities'

Beneath that you select "Selected Groups and Users"

Under that, click the "Groups: No groups entered" link.

Normally you must see Domain\group name

Poonam Garg
Level 3

1. First check whether your WSA is integrated with AD successfully by using Test authentication realm settings; it should be successful.

2. Then go to Access Policies-->New Policy; under Policy Member Definition, check the "Selected Groups and Users" radio button, then click the "No groups entered" link to specify the AD group. Here you will find all AD groups; select your desired group and add it to the right pane.

HTH

"Please rate helpful posts"

OK, step 1 works: the IronPort tests out fine against AD.

Step 2 is where I get stuck.

I go into Access Policies-->New Policy

I give it a name like "Test" and then go to Policy Member Definition

Below that is a pull down menu with "Identities and Users" with the options "All Identities" and "Select One or More Identities"

I don't see a radio button or a "No groups entered" option

Ah, I think I found it: the group I was using had "no authentication required" in identities, and therefore did not show me everything.

However, when I select "Selected Groups and Users" I only get the option to manually put in individual users such as DOMAIN\colin

Shouldn't I be seeing more than this? How do I put in a group?

The account that is used to create an account for the IronPort in AD must be an Enterprise Admin; no other will work, even if those accounts have domain management credentials. Once we put these credentials in, we were able to fetch the users and groups.