Group Policies - Cisco FirePOWER ASA 5500 series Configuration Manual

Group Policies

Figure 30-6
Enforcing password complexity takes effect only when the user changes passwords; for example, when
you have configured Enforce password change at next login or Password expires in n days. At login, the
user receives a prompt to enter a new password, and the system will accept only a complex password.
Group Policies
This section describes group policies and how to configure them. It includes the following sections:
•
•
A group policy is a set of user-oriented attribute/value pairs for IPSec connections that are stored either
internally (locally) on the device or externally on a RADIUS server. The tunnel group uses a group policy
that sets terms for user connections after the tunnel is established. Group policies let you apply whole
sets of attributes to a user or a group of users, rather than having to specify each attribute individually
for each user.
Enter the group-policy commands in global configuration mode to assign a group policy to users or to
modify a group policy for specific users.
The security appliance includes a default group policy. In addition to the default group policy, which you
can modify but not delete, you can create one or more group policies specific to your environment.
You can configure internal and external group policies. Internal groups are configured on the security
appliance's internal database. External groups are configured on an external authentication server, such
as RADIUS. Group policies include the following attributes:
•
•
Cisco Security Appliance Command Line Configuration Guide
30-30
Active Directory—Enforce Password Complexity
Default Group Policy, page 30-31
Configuring Group Policies, page 30-33
Identity
Server definitions
Chapter 30 Configuring Tunnel Groups, Group Policies, and Users
OL-10088-01