I have deployed this in a few production environments and it has been used for multiple purposes:
1. A poor man's web security appliance - to allow specific users access to certain external sites and services (Facebook, Netflix, etc.) and deny others.
2. Internal resource access control.
3. Client wanted to monitor an individual's or a group's activity.

Sorry if this isn't a very helpful response but I surprisingly found the feature to be pain-free regarding implementation and/or management. Call me a cynic, I expected bugs galore. The key pieces are already there (AAA, Access-control, etc.), so Cisco didn't really introduce anything new here, they just took a few things that already existed and enabled them to combine their functions for a different purpose.

There was no remarkable increase in resources that would have any end-user impact; the feature was able to be staged and then enabled to prevent any type of downtime or other adverse impact during implementation.

The only beef I have with it is regarding the lack of additional and, in my opinion, obvious uses that it seems capable of if Cisco ever decides to allow - such as per-user rate-limiting.

Kind Regards,
Kevin Sheahan
CCIE # 41349 (Security)

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Joe Astorino
Sent: Wednesday, January 08, 2014 1:03 PM
To: OSL Security
Subject: [OSL | CCIE_Security] OT: Identity Firewall

I am just wondering if any of you have deployed the identity firewall feature in a production environment so you can integrate ACLs with AD/Users/Groups? How do you like it? Are there any "gotchas" and would you recommend it? I am thinking of deploying this to allow only specific users and groups access to resources regardless of src IP.

Thanks!
Sent from my iPhone
_______________________________________________
Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
