https://community.cisco.com/t5/network-security/cisco-firepower-user-agent-support-for-tlsv1-2/m-p/3996183#M934674 <P>User Agent to FMC should support strong ciphers.</P> <P>Reference:&nbsp;<A href="https://www.cisco.com/c/en/us/td/docs/security/firesight/user-agent/24/config-guide/Firepower-User-Agent-Configuration-Guide-v2-4/ConfigAgent.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firesight/user-agent/24/config-guide/Firepower-User-Agent-Configuration-Guide-v2-4/ConfigAgent.html</A></P> <P>Is your User Agent running on the DC itself?</P> Tue, 10 Dec 2019 03:11:10 GMT Marvin Rhoads 2019-12-10T03:11:10Z https://community.cisco.com/t5/network-security/cisco-firepower-user-agent-support-for-tlsv1-2/m-p/3995951#M934673 <P>Can someone please confirm if the Firepower user agent 2.4 supports TLSV1.2? I disabled TLSV1.0 in my Windows Domain Controller 2016 and I'm not getting any mappings anymore, thank you.</P> Fri, 21 Feb 2020 17:45:13 GMT https://community.cisco.com/t5/network-security/cisco-firepower-user-agent-support-for-tlsv1-2/m-p/3995951#M934673 borman.bravo 2020-02-21T17:45:13Z https://community.cisco.com/t5/network-security/cisco-firepower-user-agent-support-for-tlsv1-2/m-p/3996183#M934674 <P>User Agent to FMC should support strong ciphers.</P> <P>Reference:&nbsp;<A href="https://www.cisco.com/c/en/us/td/docs/security/firesight/user-agent/24/config-guide/Firepower-User-Agent-Configuration-Guide-v2-4/ConfigAgent.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firesight/user-agent/24/config-guide/Firepower-User-Agent-Configuration-Guide-v2-4/ConfigAgent.html</A></P> <P>Is your User Agent running on the DC itself?</P> Tue, 10 Dec 2019 03:11:10 GMT https://community.cisco.com/t5/network-security/cisco-firepower-user-agent-support-for-tlsv1-2/m-p/3996183#M934674 Marvin Rhoads 2019-12-10T03:11:10Z https://community.cisco.com/t5/network-security/cisco-firepower-user-agent-support-for-tlsv1-2/m-p/3996521#M934675 Hi Marvin, yes it is running in the domain controllers, thanks Tue, 10 Dec 2019 14:32:28 GMT https://community.cisco.com/t5/network-security/cisco-firepower-user-agent-support-for-tlsv1-2/m-p/3996521#M934675 borman.bravo 2019-12-10T14:32:28Z https://community.cisco.com/t5/network-security/cisco-firepower-user-agent-support-for-tlsv1-2/m-p/3996904#M934676 <P>I would recommend reaching out to Cisco TAC to have this verified but the last time I checked the User Agent only supported TLSv1.0.&nbsp;</P> <P><EM>Thank you for rating helpful posts!</EM></P> Wed, 11 Dec 2019 03:13:03 GMT https://community.cisco.com/t5/network-security/cisco-firepower-user-agent-support-for-tlsv1-2/m-p/3996904#M934676 nspasov 2019-12-11T03:13:03Z https://community.cisco.com/t5/network-security/cisco-firepower-user-agent-support-for-tlsv1-2/m-p/4007148#M934677 <P>Thank you for your reply and Happy New Year!</P><P>The article you referred me to has no mention of TLS v1.2 support for User Agent which is the question I had, would you know if this is supported in 6.4?</P> Mon, 06 Jan 2020 19:17:04 GMT https://community.cisco.com/t5/network-security/cisco-firepower-user-agent-support-for-tlsv1-2/m-p/4007148#M934677 borman.bravo 2020-01-06T19:17:04Z https://community.cisco.com/t5/network-security/cisco-firepower-user-agent-support-for-tlsv1-2/m-p/4063444#M1069072 <P>I'm seeing a similar issue.&nbsp; According to this, no.&nbsp;&nbsp;<A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve30062/?rfs=iqvred" target="_blank">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve30062/?rfs=iqvred</A></P><P>&nbsp;</P><P>I'm flabbergasted by the suggested&nbsp; workaround.&nbsp; &nbsp;Is this a push to get people off the FREE User agent and requiring a&nbsp; license ICE product.........</P><P>&nbsp;</P><P><STRONG>CSCve30062</STRONG></P><P><STRONG>Symptom:</STRONG><BR /><SPAN>User agent cannot communicate with the Firepower Management Center. The following error is displayed on the user agent:</SPAN><BR /><BR /><SPAN>[The client and server cannot communicate, because they do not possess a common algorithm]</SPAN><BR /><BR /><STRONG>Conditions:</STRONG><BR /><SPAN>The server hosting the user agent has TLS 1.0 disabled.</SPAN><BR /><BR /><STRONG>Workaround:</STRONG><BR /><SPAN>Enable TLS 1.0 on the machine where user agent is running. If security policy forbids enabling TLS 1.0 on that machine, install the user agent on a different machine. (For security reasons, you might not want the TLS 1.0 to run on your Active Directory server, for example.)</SPAN></P> Fri, 10 Apr 2020 14:07:21 GMT https://community.cisco.com/t5/network-security/cisco-firepower-user-agent-support-for-tlsv1-2/m-p/4063444#M1069072 dotran 2020-04-10T14:07:21Z https://community.cisco.com/t5/network-security/cisco-firepower-user-agent-support-for-tlsv1-2/m-p/4076576#M1069651 <P>It definitely is, the user agent is going out of support and our fixes are to either re-enable TLS 1.0 (can't happen) or utilize ISE-PIC. We don't currently utilize ISE in our environment, so in order to have this functionality we would have to bring it in.&nbsp;</P><P>&nbsp;</P> Wed, 29 Apr 2020 18:31:35 GMT https://community.cisco.com/t5/network-security/cisco-firepower-user-agent-support-for-tlsv1-2/m-p/4076576#M1069651 Joshua Edwards 2020-04-29T18:31:35Z https://community.cisco.com/t5/network-security/cisco-firepower-user-agent-support-for-tlsv1-2/m-p/4076646#M1069660 <P>Yes, that is my understanding as well now, was informed by TAC that ISE-PIC was the recommended approach...either that or replace with Palos <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>&nbsp;</P> Wed, 29 Apr 2020 19:52:29 GMT https://community.cisco.com/t5/network-security/cisco-firepower-user-agent-support-for-tlsv1-2/m-p/4076646#M1069660 borman.bravo 2020-04-29T19:52:29Z