8-15
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 8 ASA and Cisco Cloud Web Security
Examples for Cisco Cloud Web Security
Number of HTTP connections dropped because of errors: 0
Number of HTTPS connections dropped because of errors: 0
•
show conn scansafe
Shows all Cloud Web Security connections, as noted by the capitol Z flag.
You can determine if a user’s traffic is being redirected to the proxy servers by accessing the following
URL from the client machine. The page will show a message indicating whether the user is currently
using the service.
Examples for Cisco Cloud Web Security
Following are some examples for configuring Cloud Web Security.
•
Cloud Web Security Example with Identity Firewall, page 8-15
•
Active Directory Integration Example for Identity Firewall, page 8-17
Cloud Web Security Example with Identity Firewall
The following example shows a complete configuration for Cisco Cloud Web Security in single context
mode, including the optional configuration for identity firewall.
Step 1
Configure Cloud Web Security on the ASA.
hostname(config)# scansafe general-options
hostname(cfg-scansafe)# server primary ip 192.168.115.225
hostname(cfg-scansafe)# retry-count 5
hostname(cfg-scansafe)# license 366C1D3F5CE67D33D3E9ACEC265261E5
Step 2
Configure identity firewall settings.
Because groups are a key feature of ScanCenter policies, you should consider enabling the identity
firewall if you are not already using it. However, identity firewall is optional. The following example
shows how to define the Active Directory (AD) server, the AD agent, configure identity firewall settings,
and enable the user identity monitor for a few groups.
aaa-server AD protocol ldap
aaa-server AD (inside) host 192.168.116.220
server-port 389
ldap-base-dn DC=ASASCANLAB,DC=local
ldap-scope subtree
ldap-login-password *****
ldap-login-dn cn=administrator,cn=Users,dc=asascanlab,dc=local
server-type microsoft
aaa-server adagent protocol radius
ad-agent-mode
aaa-server adagent (inside) host 192.168.116.220
key *****
user-identity domain ASASCANLAB aaa-server AD
user-identity default-domain ASASCANLAB
user-identity action netbios-response-fail remove-user-ip
user-identity poll-import-user-group-timer hours 1
user-identity ad-agent aaa-server adagent
user-identity user-not-found enable
user-identity monitor user-group ASASCANLAB\\GROUP1
Содержание ASA 5508-X
Страница 11: ...P A R T 1 Access Control ...
Страница 12: ......
Страница 60: ...4 14 Cisco ASA Series Firewall CLI Configuration Guide Chapter 4 Access Rules History for Access Rules ...
Страница 157: ...P A R T 2 Network Address Translation ...
Страница 158: ......
Страница 204: ...9 46 Cisco ASA Series Firewall CLI Configuration Guide Chapter 9 Network Address Translation NAT History for NAT ...
Страница 232: ...10 28 Cisco ASA Series Firewall CLI Configuration Guide Chapter 10 NAT Examples and Reference DNS and NAT ...
Страница 233: ...P A R T 3 Service Policies and Application Inspection ...
Страница 234: ......
Страница 379: ...P A R T 4 Connection Management and Threat Detection ...
Страница 380: ......
Страница 400: ...16 20 Cisco ASA Series Firewall CLI Configuration Guide Chapter 16 Connection Settings History for Connection Settings ...
Страница 414: ...17 14 Cisco ASA Series Firewall CLI Configuration Guide Chapter 17 Quality of Service History for QoS ...