Security policy firewall authentication now provides user identities for user role firewall provisioning

User identity information, maintained by firewall authentication, can also be mapped to the user's IP address and used for user role firewall enforcement. A new UIT, the firewall authentication table, provides firewall authentication data for username and role retrieval. When users authenticate to the firewall, usernames and roles (groups) are mapped to IP addresses and written to the firewall authentication table. The following command enables the firewall authentication table as an authentication source and specifies its priority among other available UITs: set security user-identification authentication-source firewall-authentication priority priority The firewall authentication table is propagated when a security policy permits firewall authentication and specifies the new type, user-firewall. Users are authenticated based on the access-profile configured for the policy. To trigger firewall authentication for HTTPS traffic, you also need to specify the SSL termination profile. This option is not needed for HTTP traffic. set security policies from-zone zone to-zone zone policy policy-name then permit firewall-authentication user-firewall access-profile profile-name ssl-termination-profile profile-name