topic Re: FTP - Creating AD Realm in cdFMC in Network Security

FTP - Creating AD Realm in cdFMC

carl.townshend — Mon, 16 Dec 2024 16:16:38 GMT

Hi Guys

I am creating an AD Realm in cdFMC via CDO so I can authenticate VPN users using AD.

I have created the realm and added my AD servers in there, selected the FW as the proxy as the requests need to come from the Firewall, it should use the routing table on the FW to route to the domain controllers

However when I click test, it fails.

I have done a packet capture on the inside interface where the firewall connects to the domain controllers and I see nothing coming from the Firewall at all.

Any ideas why its not working guys?

Re: FTP - Creating AD Realm in cdFMC

Aref Alsouqi — Mon, 16 Dec 2024 16:24:35 GMT

Could you please try to select "Choose an interface" and select the interested interface from the list and test again?

Re: FTP - Creating AD Realm in cdFMC

carl.townshend — Mon, 16 Dec 2024 16:30:14 GMT

When I do that, nothing happens

Re: FTP - Creating AD Realm in cdFMC

Aref Alsouqi — Tue, 17 Dec 2024 09:58:51 GMT

Seems as the firewall is not fully configured yet? maybe its data interfaces are not configured yet?

Re: FTP - Creating AD Realm in cdFMC

carl.townshend — Tue, 17 Dec 2024 11:43:08 GMT

Hi, the box you mentioned will only be populated if you have created interface groups.

I have sort of found an issue, basically the packets are sourced from a 169.254.1.3 address which I believe to be the internal management IP, I have created a NAT for this to NAT it to the ip of the inside interface.

It is still failing so now i'm looking at the Realm parameters

Re: FTP - Creating AD Realm in cdFMC

Aref Alsouqi — Tue, 17 Dec 2024 12:31:12 GMT

The IP 169.254.1.3 is an APIPA IP and that suggests the management interface is not even getting/configured with the right IP.

Re: FTP - Creating AD Realm in cdFMC

vishalbhandari — Tue, 17 Dec 2024 16:35:52 GMT

If you are not seeing any traffic from the firewall to the domain controllers when testing the AD Realm configuration in cdFMC via CDO, the issue could be related to configuration, routing, or the way the firewall is handling the traffic for AD authentication.