https://community.cisco.com/t5/network-access-control/how-security-event-is-shared-between-dc-s/m-p/4641989#M575842 <P class="line" style="white-space: pre-wrap;">I have only one operational DC from where user Agent are getting userid/ip mapping info. Even though there are 1 other DC added at User agent but other 1 are part of Test Site.</P> <DIV class="header-content"> <P class="line" style="white-space: pre-wrap;">&nbsp;</P> <UL> <LI> <P class="line" style="white-space: pre-wrap;">How to confirm which dc actually providing user id and ip mapping to the user agent.</P> </LI> <LI> <P class="line" style="white-space: pre-wrap;">Refer to below doc and based on my current scenario, if technically user agent connecting to one dc which is not listed in user agent while knowing DC's do not share the security events ?</P> </LI> </UL> <P>&nbsp;</P> <P><STRONG>Cisco reference quote</STRONG></P> <P>&nbsp;</P> <P class="line" style="white-space: pre-wrap;">**<A href="https://www.cisco.com/c/en/us/td/docs/security/firesight/user-agent/24/config-guide/Firepower-User-Agent-Configuration-Guide-v2-4/ConfigAgent.html#88746" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/td/docs/security/firesight/user-agent/24/config-guide/Firepower-User-Agent-Configuration-Guide-v2-4/ConfigAgent.html#88746</A></P> <P class="line" style="white-space: pre-wrap;">&nbsp;</P> <P class="line" style="white-space: pre-wrap;">If your Active Directory system has multiple domain controllers, enter the host name or IP address of the domain controller with which you want the user agent to communicate. (Active Directory domain controllers don’t share their security logs so you must have a separate user agent connection to each controller.) In a distributed or heavily trafficked system, you can optionally install more than one user agent as discussed in Deploy Multiple User Agents.**</P> <P class="line" style="white-space: pre-wrap;">&nbsp;</P> </DIV> <P>&nbsp;</P> Thu, 30 Jun 2022 19:00:33 GMT MSJ1 2022-06-30T19:00:33Z https://community.cisco.com/t5/network-access-control/how-security-event-is-shared-between-dc-s/m-p/4641989#M575842 <P class="line" style="white-space: pre-wrap;">I have only one operational DC from where user Agent are getting userid/ip mapping info. Even though there are 1 other DC added at User agent but other 1 are part of Test Site.</P> <DIV class="header-content"> <P class="line" style="white-space: pre-wrap;">&nbsp;</P> <UL> <LI> <P class="line" style="white-space: pre-wrap;">How to confirm which dc actually providing user id and ip mapping to the user agent.</P> </LI> <LI> <P class="line" style="white-space: pre-wrap;">Refer to below doc and based on my current scenario, if technically user agent connecting to one dc which is not listed in user agent while knowing DC's do not share the security events ?</P> </LI> </UL> <P>&nbsp;</P> <P><STRONG>Cisco reference quote</STRONG></P> <P>&nbsp;</P> <P class="line" style="white-space: pre-wrap;">**<A href="https://www.cisco.com/c/en/us/td/docs/security/firesight/user-agent/24/config-guide/Firepower-User-Agent-Configuration-Guide-v2-4/ConfigAgent.html#88746" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/td/docs/security/firesight/user-agent/24/config-guide/Firepower-User-Agent-Configuration-Guide-v2-4/ConfigAgent.html#88746</A></P> <P class="line" style="white-space: pre-wrap;">&nbsp;</P> <P class="line" style="white-space: pre-wrap;">If your Active Directory system has multiple domain controllers, enter the host name or IP address of the domain controller with which you want the user agent to communicate. (Active Directory domain controllers don’t share their security logs so you must have a separate user agent connection to each controller.) In a distributed or heavily trafficked system, you can optionally install more than one user agent as discussed in Deploy Multiple User Agents.**</P> <P class="line" style="white-space: pre-wrap;">&nbsp;</P> </DIV> <P>&nbsp;</P> Thu, 30 Jun 2022 19:00:33 GMT https://community.cisco.com/t5/network-access-control/how-security-event-is-shared-between-dc-s/m-p/4641989#M575842 MSJ1 2022-06-30T19:00:33Z https://community.cisco.com/t5/network-access-control/how-security-event-is-shared-between-dc-s/m-p/4642068#M575847 <P>This appears to be more of a Firepower question than one related to ISE/NAC. I would suggest moving/posting your question to the <A href="https://community.cisco.com/t5/network-security/bd-p/discussions-network-security" target="_blank" rel="noopener">Network Security</A> community section.</P> Thu, 30 Jun 2022 22:46:57 GMT https://community.cisco.com/t5/network-access-control/how-security-event-is-shared-between-dc-s/m-p/4642068#M575847 Greg Gibbs 2022-06-30T22:46:57Z https://community.cisco.com/t5/network-access-control/how-security-event-is-shared-between-dc-s/m-p/4643383#M575902 <P>ok did that.</P> Mon, 04 Jul 2022 12:26:13 GMT https://community.cisco.com/t5/network-access-control/how-security-event-is-shared-between-dc-s/m-p/4643383#M575902 MSJ1 2022-07-04T12:26:13Z