Forum Discussion

Nimbostratus

Jun 23, 2014

AFM rules filtering based on Active Directory Grouping

hi all, was posed with this question a few days ago. In AFM, we are able to do firewall rules based on VS. Then there is this question, If i wanted to do a AFM policy based on AD-grouping. Can ...

advanced firewall manager

Employee

Jun 24, 2014

The basic problem here is the difference between OSI layers 4 and 7. AFM generally operates at layer 4, while any sort of authentication (ie. AD group information) is going to be queried for/obtained/processed in layer 7. In other words, by the time you've queried AD, an AFM policy has already allowed the traffic to pass. Now you could create a block on subsequent requests, based on AD query status, but you'd have to let the first few L7 transactions happen.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)