Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

47-6

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 47 Configuring Device Administration Policies on Firewall Devices

About AAA on Security Devices

Authorization Tab

The Authorization tab allows you to configure authorization for accessing firewall commands.

Navigation Path

You can access the Authorization tab from the AAA page; see Configuring AAA - Authentication Tab,

page 47-5.

Require AAA Authorization for the following types of connections

Select the connections that require authorization. For each type, users are allowed up to three attempts

to access the firewall console. If this number is exceeded, an “access denied” message is displayed.

Select each connection option individually:

• HTTP – Require AAA authentication when a user initiates an HTTPS connection to the firewall

console.

• Serial – Require AAA authentication when a user initiates a connection to the firewall console via

the serial console cable.

• SSH – Require AAA authentication when a user initiates a Secure Shell (SSH) connection to the

console.

• Telnet – Require AAA authentication when a user initiates a Telnet connection to the firewall

console.

For each selected connection, provide a Server Group and indicate whether the LOCAL database is

used as a back-up:

• Server Group – Enter or Select the name of an AAA server to contact for user authentication.

• Use LOCAL when server group fails – Check this box to use the LOCAL database as back-up if

the selected server fails. (This option is not enabled until you provide a Server Group.)

Authentication Prompts

Login Prompt Enter the prompt a user will see when logging in to the security

appliance.

Accepted Message Enter the message displayed when successfully authenticated.

Rejected Message Enter the message displayed when authentication fails for any reason.

Rejected Message for Invalid

Credentials

Enter the message displayed when authentication fails following entry

of unknown or invalid credentials.

Available only on FWSM 3.2+ devices.

Rejected Message for

Expired Password

Enter the message displayed when authentication fails following entry

of an expired password.

Available only on FWSM 3.2+ devices.

Maximum Local

Authentication Failed

Attempts

Specify the number of times the device will try to authenticate a user in

the LOCAL database before that account is locked; valid values are 1

through 16.

Available only on ASA/PIX 7.01+ and FWSM 3.11+ devices.

Table 47-2 Authentication Tab (Continued)

Element Description

previous next