topic Re: Active directory password shown in firepower in Network Security

Active directory password shown in firepower

raymondluis13 — Fri, 07 Oct 2022 06:10:10 GMT

So, i integrate identity policy on firepower with my active directory. All works, but there one problem. Somehow when i see the traffics log, i can see the user password.

Anyone know why this happen?

For my use case, i just want to use identity policy for visibility in traffics. Thank you

Re: Active directory password shown in firepower

Kasun Bandara — Fri, 07 Oct 2022 06:47:02 GMT

use LDAPS

Re: Active directory password shown in firepower

Aref Alsouqi — Fri, 07 Oct 2022 11:55:39 GMT

Are you referring to which logs in specific? The downside of using the normal LDAP is that LDAP does not apply any encryption, this is why you should move to LDAPs which uses certificates so its traffic encrypted.

Re: Active directory password shown in firepower

raymondluis13 — Mon, 10 Oct 2022 10:06:16 GMT

hi, thanks for the response. apparently one of my AD server use PFX certificate. PFX certificate contain private key and public key, instead of normal certificate that only contain public key. What should i do about it? should i extract the .cert file from PFX or should i change the server certificate to .cert?

Re: Active directory password shown in firepower

Aref Alsouqi — Mon, 10 Oct 2022 10:20:38 GMT

The certificate that you would need to import into the FTD and associate it to LDAPS is the issuer certificate (or root CA cert) of the AD certificate.