Cisco ASA Series Cli Configuration Manual page 903

Chapter 1 Configuring the Identity Firewall
received packets are queried and stored. See
of these options.
Monitoring Users for the Identity Firewall
You can display information about all users contained in the IP-user mapping database used by the
Identity Firewall.
Use the following options of the show user-identity command to obtain troubleshooting information for
the AD Agent:
•
•
These commands display the following information for users:
domain\user_name
domain\user_name
The default domain name can be the real domain name, a special reserved word, or LOCAL. The Identity
Firewall uses the LOCAL domain name for all locally defined user groups or locally defined users (users
who log in and authenticate by using a VPN or web portal). When default domain is not specified, the
default domain is LOCAL.
The idle time is stored on a per user basis instead of per the IP address of a user.
Note
The first three tabs in the
If the commands user-identity action domain-controller-down domain_name
disable-user-identity-rule is configured and the specified domain is down, or if user-identity action
ad-agent-down disable-user-identity-rule is configured and AD Agent is down, all the logged on users
have the status disabled.
show user-identity user all list
show user-identity user active user domain\user-name list detail
Status (active or inactive)
Active Connections
Configuring Identity Options, page 1-13
Connections
Minutes Idle
Cisco ASA Series CLI Configuration Guide
Monitoring the Identity Firewall
for a description
Minutes Idle
1-23