https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5051807#M1110464 <P><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/user_accounts_for_management_access.html#id_63679" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/user_accounts_for_management_access.html#id_63679</A></P><P><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/user_accounts_for_management_access.html#id_63678" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/user_accounts_for_management_access.html#id_63678</A></P> Thu, 28 Mar 2024 04:09:55 GMT Pulkit Mittal 2024-03-28T04:09:55Z https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5051122#M1110422 <P>Hi Community,</P><P>I'm have an issue getting external authentication working on my FMC managed FTDs(firepower 2100s). I have configured the remote authentication server under in the FMC settings and then navigated over to platform settings to enable it on the FTD. I deployed the config to the FTD but it doesn't actually make any changes to the FTD, i can tell this because i login to the FTD directly and can see that none of the LDAP settings are populated, and that the "set authentication default" command is still set to local rather then LDAP.</P><P>Anyone had any success with this?</P> Wed, 27 Mar 2024 00:18:39 GMT https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5051122#M1110422 WillDudeGuy 2024-03-27T00:18:39Z https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5051261#M1110432 <P>This for admin or for RA VPN?</P> <P>MHM</P> Wed, 27 Mar 2024 09:03:33 GMT https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5051261#M1110432 MHM Cisco World 2024-03-27T09:03:33Z https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5051272#M1110433 <P>For admin</P> Wed, 27 Mar 2024 09:15:13 GMT https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5051272#M1110433 WillDudeGuy 2024-03-27T09:15:13Z https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5051347#M1110439 <P>Can I see</P> <P>Devics&gt;Platfrom Settings&gt;External Authentication</P> <P>MHM</P> Wed, 27 Mar 2024 11:33:57 GMT https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5051347#M1110439 MHM Cisco World 2024-03-27T11:33:57Z https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5051768#M1110459 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot from 2024-03-28 00-15-11.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/214071i3DE413C3B511726F/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot from 2024-03-28 00-15-11.png" alt="Screenshot from 2024-03-28 00-15-11.png" /></span></P><P>Also, watched the deployment of the firepower after i enabled the ldap in platform settings and wasn't able to see the creation of the server.</P><P>I would expect to see the following but i dont:<BR />2024-03-27T04:23:56+00:00 firewall : %FTD-6-199018: FPRM: &lt;&lt;%FPRM-6-AUDIT&gt;&gt; [admin][clish][modification][clish][11199498][sys/ldap-ext][attribute(Old:, New:uid), basedn(Old:, New:cn=accounts,dc=ccc,dc=local), filter(Old:, New:&amp;amp;(|(objectclass=person))(|(memberOf=cn=fwladmin,cn=groups,cn=accounts,dc=ccc,dc=local))), name(Old:, New:AUTHSERVER), retries(Old:1, New:3), shellaccessuserlist(Old:, New:user1,user2,user3,user4), tlscacertificate(Old:, New:-----BEGIN CERTIFICATE-----#015<BR />2024-03-27T04:23:56+00:00 firewall : %FTD-6-199018: FPRM: &lt;&lt;%FPRM-6-AUDIT&gt;&gt; [admin][clish][creation][clish][11199499][sys/ldap-ext/provider-authserver.ccc.local][enableSSL:on, key:****, name:firewall.ccc.local, order:1, port:636, retries:1, rootdn:uid=ldapbind,cn=sysaccounts,cn=etc,dc=ccc,dc=local, timeout:30, vendor:Other][] LDAP server authserver.ccc.local created<BR />2024-03-27T04:23:57+00:00 firewall : %FTD-6-199018: FPRM: &lt;&lt;%FPRM-6-AUDIT&gt;&gt; [admin][clish][modification][clish][11199503][sys/auth-realm][defLogin(Old:local, New:ldap)][] Authentication realm modified<BR />2024-03-27T04:23:57+00:00 firewall : %FTD-6-199018: FPRM: &lt;&lt;%FPRM-6-AUDIT&gt;&gt; [admin][clish][modification][clish][11199504][sys/auth-realm/default-auth][realm(Old:local, New:ldap)][] Default authentication configuration modified<BR /><BR /><BR /></P> Thu, 28 Mar 2024 00:34:33 GMT https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5051768#M1110459 WillDudeGuy 2024-03-28T00:34:33Z https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5051807#M1110464 <P><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/user_accounts_for_management_access.html#id_63679" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/user_accounts_for_management_access.html#id_63679</A></P><P><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/user_accounts_for_management_access.html#id_63678" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/user_accounts_for_management_access.html#id_63678</A></P> Thu, 28 Mar 2024 04:09:55 GMT https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5051807#M1110464 Pulkit Mittal 2024-03-28T04:09:55Z https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5051813#M1110465 <P>??? whilst i appreciate you trying to help me out, posting configuration guides do nothing to help resolve the issue.</P> Thu, 28 Mar 2024 04:16:52 GMT https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5051813#M1110465 WillDudeGuy 2024-03-28T04:16:52Z https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5051815#M1110466 <P>If you have followed the steps right, then I suggest open a TAC case mate.</P> Thu, 28 Mar 2024 04:36:21 GMT https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5051815#M1110466 Pulkit Mittal 2024-03-28T04:36:21Z https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5051881#M1110469 <P>First we talk about admin FTD not FMC&nbsp;</P> <P>The config you share&nbsp;</P> <P>1- you enable external&nbsp;</P> <P>2- you need to select ssh and http when you add external authentication&nbsp;</P> <P>3-you use ssl with ldap' this can be issue if ftd dont have CA and identity cert. Then it can not connect to ladp using ssl</P> <P>Do above and try access using ssh to ftd</P> <P>MHM</P> Thu, 28 Mar 2024 08:14:04 GMT https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5051881#M1110469 MHM Cisco World 2024-03-28T08:14:04Z https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5235468#M1118139 <P>I am also having a similar problem, FPR2100 series FTDs. The external authentication settings are configured under the platform settings but the FMC doesnt seem to push them out to the FTDs.</P><P>It works with ASAs running FTD code and strangely with a pair of FPR1140s but I'm able to see user accounts under "show users" on the FTD CLI.</P><P>Seems to be related to this bug - <A href="https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr27850" target="_blank">https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr27850</A></P> Wed, 11 Dec 2024 14:08:51 GMT https://community.cisco.com/t5/network-security/ftd-external-authentication-bugged/m-p/5235468#M1118139 Netadmins Brightsolid 2024-12-11T14:08:51Z