collapse

Search


User Info

 
 
Welcome, Guest. Please login or register.

Author Topic: Firepower - User identification in the analysis connections events  (Read 5973 times)

Offline sparky1

  • Cisco Newbie
  • *
  • Posts: 2
  • Reputation: 0
  • Certification: CCNP
Hi, trying to configure firepower v6.1 so that users are identified correctly in the analysis, connection events. I've got multiple realms configured which are all tied to their own AD servers, so can view all of the users in each group. However when users log on via captive portal it doesn't appear to be utilising the domain association within the connection events. The users are hot-office so can move around the country to various company offices and therefore cannot be restricted to a particular subnet correlating to a particular realm. I've got a test user associated to 3 realms but only appear to be hitting the first realm configured. Is it possible to have the FMC / Sensor configured to match users logging on into any realm, to be identified correctly in the connection events ?

Hope this is clear, thank you for any assistance.

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 387
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Firepower - User identification in the analysis connections events
« Reply #1 on: December 05, 2016, 06:44:39 PM »
Hi.. Welcome to the forum. So just to be clear, you have a user with the same username that exists in three different domains(realm)? Are you using passive or active authentication? What happen if you use username@domain.com format?

Offline sparky1

  • Cisco Newbie
  • *
  • Posts: 2
  • Reputation: 0
  • Certification: CCNP
Re: Firepower - User identification in the analysis connections events
« Reply #2 on: December 07, 2016, 01:02:12 AM »
Hi, the same username is in 3 different realms though there are 7 realms in all. I have actually received a response from Cisco TAC, it's just take several weeks to get this far and thought I'd put the query into this forum to see if any other's had similar issues.

The answer from Cisco is that the FMC v6.1 does not support more than two realms, in a single context, and even support of two realms is a workaround, with the first realm having the source subnet referenced as "0.0.0.0/0" equivalent to "any" and the second realm having the default "any" source subnet

A feature request has been submitted to Cisco to allow more than two realms with no workarounds but it's new so will be some time, if at all, before this feature is provided.

Hope this helps any one else reviewing this product.

Regards :)

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 387
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Firepower - User identification in the analysis connections events
« Reply #3 on: December 08, 2016, 11:08:10 PM »
You gotta love Cisco .. If it's not supported, why let you add them, right? Thanks for the update. It's really helpful.

 

Related Topics

  Subject / Started by Replies Last post
2 Replies
14347 Views
Last post February 03, 2014, 07:16:25 AM
by alicemurphy
10 Replies
15602 Views
Last post September 04, 2018, 08:20:52 PM
by MC
1 Replies
4522 Views
Last post March 07, 2016, 11:10:44 PM
by MC
8 Replies
10913 Views
Last post April 25, 2016, 09:41:01 PM
by MC
3 Replies
4178 Views
Last post June 22, 2017, 10:03:19 PM
by MC

SimplePortal 2.3.7 © 2008-2021, SimplePortal