Cisco Support Community
Community Member

Cisco IronPort S370 authentication options

We have a Cisco IronPort S370 web security appliance, and want to set it up so that it can authenticate users in our Active Directory and apply access policies to them.

I joined the appliance to the domain and added the authentication realm, but I don't see anywhere to specify groups from AD to create policies for. For instance, if I create some URL filtering policy, I want to be able to connect that back to a group in AD.

Anyone know how to do this?

Accepted Solutions
Silver

Under Identities and Users select option 'All Identities'

Beneath that you select "Selected Groups and Users"

Under that, click the "Groups: No groups entered" link.

Normally you must see Domain\group name

6 REPLIES
Silver

1. First check whether your WSA is integrated with AD successfully by using Test authentication realm settings; it should be successful.

2. Then go to Access policies --> New policy. Under policy member definition, check the "Selected groups and users" radio button, then click the "No groups entered" link to specify the AD group. Here you will find all AD groups; select your desired group and add it to the right pane.

HTH

"Please rate helpful posts"

Community Member

OK, step 1 works: the IronPort tests out fine against AD.

Step 2 is where I get stuck.

I go into Access Policies-->New Policy

I give it a name like "Test" and then go to Policy Member Definition

Below that is a pull down menu with "Identities and Users" with the options "All Identities" and "Select One or More Identities"

I don't see a radio button or a "No groups entered" option

Community Member

Ah, I think I found it: the group I was using had "no authentication required" in identities, and therefore did not show me everything.

Community Member

However, when I select "Selected Groups and Users" I only get the option to manually put in individual users such as DOMAIN\colin

Shouldn't I be seeing more than this? How do I put in a group?

Silver

Under Identities and Users select option 'All Identities'

Beneath that you select "Selected Groups and Users"

Under that, click the "Groups: No groups entered" link.

Normally you must see Domain\group name

Community Member

The account that is used to create an account for the IronPort in AD must be an Enterprise Admin -- no other will work, even if those accounts have domain management credentials. Once we put these credentials in, we were able to fetch the users and groups.
