Cisco Systems ASA 5580 Webcam User Manual


 
25-3
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 25 Configuring the ASA for Cisco Cloud Web Security
Information About Cisco Cloud Web Security
The ASA supports the following methods of determining the identity of a user, or of providing a default
identity:
AAA rules—When the ASA performs user authentication using a AAA rule, the username is
retrieved from the AAA server or local database. Identity from AAA rules does not include group
information. If configured, the default group is used. For information about configuring AAA rules,
see Chapter 8, “Configuring AAA Rules for Network Access.”
IDFW—When the ASA uses IDFW with the Active Directory (AD), the username and group is
retrieved from the AD agent when you activate a user and/or group by using an ACL in a feature
such as an access rule or in your service policy, or by configuring the user identity monitor to
download user identity information directly.
For information about configuring IDFW, see Chapter 38, “Configuring the Identity Firewall,” in the
general operations configuration guide.
Default username and group—Without user authentication, the ASA uses an optional default
username and/or group for all users that match a service policy rule for Cloud Web Security.
Authentication Keys
Each ASA must use an authentication key that you obtain from Cloud Web Security. The authentication
key lets Cloud Web Security identify the company associated with web requests and ensures that the
ASA is associated with valid customer.
You can use one of two types of authentication keys for your ASA: the company key or the group key.
Company Authentication Key, page 25-3
Group Authentication Key, page 25-3
Company Authentication Key
A Company authentication key can be used on multiple ASAs within the same company. This key simply
enables the Cloud Web Security service for your ASAs. The administrator generates this key in
ScanCenter (https://scancenter.scansafe.com/portal/admin/login.jsp); you have the opportunity to e-mail
the key for later use. You cannot look up this key later in ScanCenter; only the last 4 digits are shown in
ScanCenter. For more information, see the Cloud Web Security documentation:
http://www.cisco.com/en/US/products/ps11720/products_installation_and_configuration_guides_list.h
tml.
Group Authentication Key
A Group authentication key is a special key unique to each ASA that performs two functions:
Enables the Cloud Web Security service for one ASA.
Identifies all traffic from the ASA so you can create ScanCenter policy per ASA.
For information about using the Group authentication key for policy, see the “ScanCenter Policy” section
on page 25-4).
The administrator generates this key in ScanCenter
(https://scancenter.scansafe.com/portal/admin/login.jsp); you have the opportunity to e-mail the key for
later use. You cannot look up this key later in ScanCenter; only the last 4 digits are shown in ScanCenter.