ngfw

The video shows you how to configure Cisco ASA CX to enforce Active Authentication and apply the same decryption and access policies to the remote VPN user so they can have the same user experiences as those locating inside the network. We will perform additional traffic restriction based on client operating system using information provided by Cisco AnyConnect client, as well as user browser type using User Agent attribute.  

The video shows you how to configure Cisco ASA CX to enforce Active Authentication and apply the same decryption and access policies to the remote VPN user so they can have the same user experiences as those locating inside the network. We will perform additional traffic restriction based on client operating system using information provided by Cisco AnyConnect client, as well as user browser type using User Agent attribute.  

The video shows you how to configure Cisco ASA CX to perform web filtering. We will be creating a whitelist and blacklist of website URL that we want to enforce on our users. We will then take one step further and leverage website category that is built into the CX. In addition to a deny action, we will explore a warn option and try to explore its behavior. To show you the flexibility of web category, we will apply it to decryption policy to get better control of the type of traffic that will or will not get decrypted. The video finishes by showing you the customization of user notification pages.

The video shows you how to configure Cisco ASA CX to perform web filtering. We will be creating a whitelist and blacklist of website URL that we want to enforce on our users. We will then take one step further and leverage website category that is built into the CX. In addition to a deny action, we will explore a warn option and try to explore its behavior. To show you the flexibility of web category, we will apply it to decryption policy to get better control of the type of traffic that will or will not get decrypted. The video finishes by showing you the customization of user notification pages.

The video demonstrates Cisco ASA CX ability to perform application matching beyond just protocols and ports by using Application Visibility and Control (AVC) feature. You will see how to deploy access policy at ease without worrying about being circumvented by application running on non-default port, or even those that sprawl multiple dynamic ports. This intelligence take you as far as matching based on a group of application by type, and specific application behavior. All of these will be demonstrated through three applications; RDP, Bittorrent, and Facebook, in this lab.

The video shows you how to configure Cisco ASA CX to gain visibility to encrypted traffic by enabling decryption capability. We will first used a self-signed certificate and present a problem of certificate warning. We will then try to resolve this by having the certificate signed by a client trusted CA. Most importantly you will get to see what user experience is like when the CX inserts itself in between HTTPS transactions.  

The video provide a method to enhance reliability of Cisco ASA CX Passive Authentication by integrating Cisco ISE with CDA. You will see how the caveats inherent to CDA can be solved by using realtime user and IP information provided by 802.1x identity-based authentication network. We will analyze RADIUS packets being communicated between Cisco ISE and CDA to try to understand the underlying mechanism. Testing will be performed on both domain and non-domain devices, that have been onboarded through ISE, and this includes both wired and wireless.

The video provide a method to enhance reliability of Cisco ASA CX Passive Authentication by integrating Cisco ISE with CDA. You will see how the caveats inherent to CDA can be solved by using realtime user and IP information provided by 802.1x identity-based authentication network. We will analyze RADIUS packets being communicated between Cisco ISE and CDA to try to understand the underlying mechanism. Testing will be performed on both domain and non-domain devices, that have been onboarded through ISE, and this includes both wired and wireless.