We are going to start with our CSA deployment (CSA Ver 6.0.2) and having following points to be clarify. Appreciate if someone can advise me on the bellow points:
1) How policies to be dynamically applied to the user, independent of which workstation / server the user is logging on to. This way IT support staff should be able to troubleshoot or login to user's PCs regardless of its installed policies.
In other way... policies to be applied based on users accounts (users login name or Active directory name)
2) how much bandwidth/traffic will consume to run 200 agents to communicate with MC Server (as some of the clients are located remotely via microwave link)
3) What are best practise to run the policies for agents and severs.
With regard to policies for dynamic users, could you please explain how we can deploy policies for the user with user states?. Can there be agent kit with policies having user states and system states combined?.
Actually as I described earlier in my query, I need to know how we deploy policies with agent kit on the following situation.
I have normal users with restricted policies, however when admin or IT support staff want to use or access the same system those policies should not be applicable rather admin/IT support staff should have their policies effected once they login to the same system.
I use user states to allow admin users to do things by using a rule module that applies only to them.
Look at the built in user state sets to become familiar with the structure. If you use AD to define roles, you can create user state sets that include certain AD groups and assign them to rule modules that allow the activities you want them to perform.
For example, I have an AD group called AD\ServiceDesk. I created a user state set called AD Service Desk Members with users matching and groups matching AD\ServiceDesk.
I created a rule module that allows activities that are denied by other rule modules and applied the user state set to it.
I associated it with the standard Desktop policy that is associated with the group.
Any member of that group can do things on any host in the Desktops group but standard users cannot.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...