Cisco Systems CL-28826-01 Security Camera User Manual


13-20
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 13 Managing Identity-Aware Firewall Policies
Configuring Identity-Aware Firewall Policies
Requirements for Identity-Aware Firewall Policies, page 13-3
Identity Settings Page, page 11-26
Creating Policy Objects, page 6-9
Step 1 Select Manage > Policy Objects to open the Policy Object Manager (see Policy Object Manager, page 6-4).
Step 2 Select Identity User Group from the Object Type selector.
Step 3 Right-click in the work area, then select New Object to open the Identity User Group dialog box.
Step 4 Enter a name for the object and optionally a description of the object.
Step 5 Add and remove items in the Members in Group list to identify the users and user groups defined in the object.
To populate the list, do any combination of the following:
• In Available Identity User Group, select an existing object and click the Add >> button between the lists.
• In Search User/User Group, select a user or user group from the Active Directory server configured for the domain in the Identity Settings administration options. You must configure the settings before you can select users or user groups, so that Security Manager knows which AD server to use.
  To find a user or user group, select the NetBIOS domain, indicate whether you are searching for a user or user group, and enter a search string. Then, click Search to find matches. A name is considered a match if the string appears anywhere within the name (first, middle initial, last), user ID, CN, or for groups, user group name.
  To add the user or group, select it in the list and click the Add >> button between the lists.
• In Type in comma separated identity user or user group, type in a valid name, then click the Add >> button between the lists. Separate multiple names with commas; they are added as separate lines in the members list.
  You can enter names in the following formats:
  - Individual users: NETBIOS_DOMAIN\user
  - User groups (note the double \): NETBIOS_DOMAIN\\user_group
  If you do not include the domain name, one is added for you based on the options selected in the Security Manager Administration Identity Settings page. If you precede the name with \ or \\, the default domain defined on the Identity Settings page is automatically added.
To remove an item from the object, select it in the Members list and click the << Remove button between the lists.
Step 6 (Optional) Under Category, select a category to help you identify this object in the Objects table. See Using Category Objects, page 6-12.
Step 7 (Optional) Select Allow Value Override per Device to allow the properties of this object to be redefined on individual devices. See Allowing a Policy Object to Be Overridden, page 6-18.
Step 8 Click OK to save the object.
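The typed-entry rules from Step 5, as an added example (not part of the Cisco guide and not Security Manager code): a Python pre-check that splits a comma-separated list, classifies each entry by its single or double backslash, and fills in a default domain, so a group typed with one backslash is caught before it is added as a user. The function names are hypothetical, `EXAMPLE` is a constructed placeholder for the default domain, and bare names are reported as unspecified because the guide does not say whether they are treated as users or groups.

```python
# Constructed placeholder; the real default domain is whatever is
# configured on the Identity Settings page.
DEFAULT_DOMAIN = "EXAMPLE"


def parse_member(entry, default_domain=DEFAULT_DOMAIN):
    """Return (kind, domain, name) for one typed-in entry.

    kind is 'user' for DOMAIN\\name, 'group' for DOMAIN\\\\name, and
    'unspecified' for a bare name with no backslash at all.
    """
    text = entry.strip()
    if not text:
        raise ValueError("empty entry")
    if "\\\\" in text:                      # double backslash: user group
        domain, _, name = text.partition("\\\\")
        kind = "group"
    elif "\\" in text:                      # single backslash: individual user
        domain, _, name = text.partition("\\")
        kind = "user"
    else:                                   # no separator: type not stated
        domain, name, kind = "", text, "unspecified"
    domain = domain.strip() or default_domain   # leading \ or \\ -> default
    name = name.strip()
    if not name or "\\" in name or "\\" in domain:
        raise ValueError(f"malformed entry: {entry!r}")
    return kind, domain, name


def normalize(line, default_domain=DEFAULT_DOMAIN):
    """Split a comma-separated line into (kind, rendered) pairs, one per member."""
    members = []
    for entry in line.split(","):
        kind, domain, name = parse_member(entry, default_domain)
        if kind == "unspecified":
            rendered = name                 # left as typed for manual review
        else:
            sep = "\\\\" if kind == "group" else "\\"
            rendered = f"{domain}{sep}{name}"
        members.append((kind, rendered))
    return members


if __name__ == "__main__":
    # Constructed sample input.
    sample = r"CORP\alice, CORP\\fw-admins, \bob, \\helpdesk, carol"
    for kind, rendered in normalize(sample):
        print(f"{kind:12} {rendered}")
```

Entries reported as `unspecified`, and any entry whose kind does not match what you intended, are the ones to check in the Members in Group list before clicking OK.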