I have a client who is looking to upgrade their current firewall / proxy. The customer currently only uses the proxy to filter who is allowed access to the internet. I am looking to solve this problem on a single device (ASA). In particular they have an ASA 5510 but would be looking to upgrade it. They currently classify users as "no internet", "selected sites", "internet", and "full access" in AD (Win Srv 2012). "No Internet" users are blocked from all sites except a few sites like UPS and their time clock SaaS provider. "Selected Sites" are allowed to a list of sites that the IT manager updates. "Internet" and "Full Access" are now similar in that they are allowed to all sites. (Used to have URL category filtering but don't subscribe anymore.)
I am looking to have the firewall check AD to see what group the user is in and then apply a rule (access list, etc.) based on the group.
Ideally, I would like to make this as simple to manage as possible (current proxy has web interface to add sites to allow) but don't want to spend a ton on modules and software just to get 1 feature.