collapse

Search


User Info

 
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic: Firepower User Agent Problem  (Read 13375 times)

Offline robin

  • Cisco Newbie
  • *
  • Posts: 13
  • Reputation: 1
  • Certification: CCIE
Firepower User Agent Problem
« on: March 31, 2016, 08:09:37 AM »
Hi MC,

I tried to build the Mapping between AD(win2k) to FMC(ver 6.0.1), so I used the User Agent(ver 2.3(10)), I got the successful Infos from User Agent(Attachment). and i could download the groups and users from Realms. But I got nothing in Analysis-->Users--> Users or User Activity...

Could you give me any ideas to find what is wrong?

Thanks

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 398
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Firepower User Agent Problem
« Reply #1 on: March 31, 2016, 08:45:58 PM »
Did you add User Agent as Identity Source and enable user discovery under Discovery?

Offline robin

  • Cisco Newbie
  • *
  • Posts: 13
  • Reputation: 1
  • Certification: CCIE
Re: Firepower User Agent Problem
« Reply #2 on: April 01, 2016, 12:37:32 AM »
Yes, I have already done with those two.
I did the tcpdump too, and I got the Infos(Attachment).

Offline Pacerfan9

  • Cisco Newbie
  • *
  • Posts: 9
  • Reputation: 2
  • Certification: CCNP
Re: Firepower User Agent Problem
« Reply #3 on: April 03, 2016, 10:29:25 AM »
Under Table View of Connection Events is it saying “No Authentication Required?”

I am not sure why it is necessary but removing the source filter from my identity policy resolved the issue.

See You are not allowed to view links. Register or Login for more info.


Offline robin

  • Cisco Newbie
  • *
  • Posts: 13
  • Reputation: 1
  • Certification: CCIE
Re: Firepower User Agent Problem
« Reply #4 on: April 04, 2016, 01:02:57 AM »
Hi Pacerfan9,

Thanks for the infos. My Problem is not “No Authentication Required”, it is "Unknow". Now I found the solusions, it need to set Logon/logoff success in Windows Server.

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 398
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Firepower User Agent Problem
« Reply #5 on: April 04, 2016, 08:42:33 PM »
That was the next thing I was gonna ask if you allowed the agent AD account to have access to Windows logon accounting and if you have Windows logon/off accounting turned on. Glad it is working for you now.  :)

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 398
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Firepower User Agent Problem
« Reply #6 on: April 04, 2016, 08:47:45 PM »
You are not allowed to view links. Register or Login
Under Table View of Connection Events is it saying “No Authentication Required?”

I am not sure why it is necessary but removing the source filter from my identity policy resolved the issue.

See You are not allowed to view links. Register or Login for more info.

Hi Pacerfan9, this actually might be a solution to my other problem I am dealing with, although in my case user shows up as unknown regardless of the user is already mapped in the User table. I believe we might have Source IP specified under Identity Policy. Will try to remove it and see what happen. Definitely sounds like a bug.

Offline Mikep

  • Cisco Newbie
  • *
  • Posts: 21
  • Reputation: 5
  • Certification: CCNP
Re: Firepower User Agent Problem
« Reply #7 on: April 25, 2016, 05:58:35 PM »
Do you have a an Identity policy created and assigned to your access policy?

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 398
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Firepower User Agent Problem
« Reply #8 on: April 25, 2016, 09:41:01 PM »
You are not allowed to view links. Register or Login
Do you have a an Identity policy created and assigned to your access policy?
Yes.. The majority of users work but there are a few that still show as unknown even though we know it should have matched the Identity policy.

 

Related Topics

  Subject / Started by Replies Last post
2 Replies
7242 Views
Last post December 07, 2013, 11:45:35 AM
by adecisco
0 Replies
5737 Views
Last post March 10, 2014, 12:25:04 AM
by adecisco
1 Replies
7255 Views
Last post May 19, 2014, 10:02:56 PM
by MC
3 Replies
7744 Views
Last post December 08, 2016, 11:08:10 PM
by MC
3 Replies
5653 Views
Last post June 22, 2017, 10:03:19 PM
by MC

SimplePortal 2.3.7 © 2008-2024, SimplePortal