Lab Minutes Forum

Technical Discussion => Security => Topic started by: jhinckley on June 13, 2017, 11:55:50 AM

Title: Firepower - Certain AD user won't show in connection events
Post by: jhinckley on June 13, 2017, 11:55:50 AM
Hello,

I'm running vFMC version 6.1.0.4 (build 17) against a 5516-X with fp module.  I have a long TAC history with this installation (going as far back as version 5.0.4) and the AD agent has been a huge source of grief up until this point.

At any rate, I finally got it working and in production with the help of TAC but now I'm having a problem with one user in particular.  The user was downloaded just fine and even shows up in the user activity.  However, FMC absolutely refuses to show any connection events for this user.  I can navigate to the host under the network map and I can see where the user is mapped to the IP and even see all the protocols used etc.

I'm not sure what to do at this point as TAC developers are scratching their heads over this one.  Any advice is appreciated.

Thanks,
John
Title: Re: Firepower - Certain AD user won't show in connection events
Post by: MC on June 15, 2017, 11:14:46 PM
Hi John, is your only problem not seeing the connection log for the user while access control is being enforced correctly, or is the user's connection not even matching your access control rules? I assume your other users work just fine matching the same rule this user is supposed to match?
Title: Re: Firepower - Certain AD user won't show in connection events
Post by: jhinckley on June 16, 2017, 12:03:17 AM
TAC was able to resolve this problem and the connections are showing up for the missing users but now we are hitting a new bug where these same users are not matching rules that they should be matching.  The users are members of security groups that are configured in permit & block rules but they are not matching any of those rules now. 

It's very strange.  TAC has escalated to development (again) but who knows when they will straighten this one out.
Title: Re: Firepower - Certain AD user won't show in connection events
Post by: MC on June 22, 2017, 10:03:19 PM
I assume you already have a realm configured and the Domain User groups for that user downloaded, correct?