SENSS 1.0: Deploying Reputation and Identity-Based Cisco ASA Access Policies
Description
The Cisco ASA 5500-X Series Next-Generation Firewalls use the Botnet Traffic Filter feature to detect and prevent botnet activity in transit traffic. The feature uses a reputation-based mechanism to detect and prevent traffic from bot-infected hosts to their control servers. This course provides an overview of the Cisco ASA Botnet Traffic Filter and explains how to configure and verify it.

Users in an enterprise often need access to one or more server resources, but a firewall is typically not aware of user identities and cannot apply security policies based on identity. The Identity Firewall in the Cisco ASA provides granular access control based on user identities. You can configure access rules and security policies based on usernames and user group names rather than source IP addresses. The Cisco ASA applies the security policies based on an association of IP addresses to Windows Active Directory login information, and reports events based on the mapped usernames instead of network IP addresses. The Identity Firewall integrates with Microsoft Active Directory in conjunction with an external Cisco Context Directory Agent that provides the actual identity mapping. The Cisco ASA uses Windows Active Directory as the source to retrieve current user identity information for specific IP addresses and allows transparent authentication for Active Directory users. Identity-based firewall services enhance the existing access control and security policy mechanisms by allowing users or groups to be specified in place of source IP addresses. Identity-based security policies can be interleaved without restriction between traditional IP address-based rules. This course describes how to configure, verify and troubleshoot the Cisco ASA Identity Firewall.