We have a Cisco IronPort S370 web security appliance, and want to set it up so that it can authenticate users in our Active Directory and apply access policies to them.
I joined the appliance to the domain and added the authentication realm, but I don't see anywhere to specify groups from AD to create policies for. For instance, if I create some URL filtering policy, I want to be able to connect that back to a group in AD.
1. First, check whether your WSA is integrated with AD successfully by using Test authentication realm settings; it should be successful.
2. Then go to Access policies -> New policy -> under policy member definition -> check the Selected groups and users radio button -> then click the No groups entered link to specify the AD group. Here you will find all AD groups; select your desired group and add it to the right pane.
The account that is used to create an account for the IronPort in AD must be an Enterprise Admin; no other will work, even if those accounts have domain management credentials. Once we put these credentials in, we were able to fetch the users and groups.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...