https://community.cisco.com/t5/network-security/firepower-6-2-identity-policy-with-authentication-rules-required/m-p/3029818#M998892 <P>Hello everyone!</P> <P></P> <P>I've got a Firepower v6.2 and I'm trying to configure ACLs including filtering by users. I managed to integrate the Firepower with Active Directory, that is I can download users and groups succesfully.&nbsp;</P> <P>I've already configured an Identity Policy included in the Standard Rules.&nbsp;The authentication is passive. However, when I'm trying to add an ACL in the users tab, there is a warning saying "Identity Policy with authentication rules required" and I can't add users to the ACL.&nbsp;</P> <P></P> <P>Any thoughts?.</P> <P></P> <P>Cheers,</P> <P></P> <P>Fernanda&nbsp;</P> Tue, 12 Mar 2019 13:24:16 GMT 2019-03-12T13:24:16Z https://community.cisco.com/t5/network-security/firepower-6-2-identity-policy-with-authentication-rules-required/m-p/3029818#M998892 <P>Hello everyone!</P> <P></P> <P>I've got a Firepower v6.2 and I'm trying to configure ACLs including filtering by users. I managed to integrate the Firepower with Active Directory, that is I can download users and groups succesfully.&nbsp;</P> <P>I've already configured an Identity Policy included in the Standard Rules.&nbsp;The authentication is passive. However, when I'm trying to add an ACL in the users tab, there is a warning saying "Identity Policy with authentication rules required" and I can't add users to the ACL.&nbsp;</P> <P></P> <P>Any thoughts?.</P> <P></P> <P>Cheers,</P> <P></P> <P>Fernanda&nbsp;</P> Tue, 12 Mar 2019 13:24:16 GMT https://community.cisco.com/t5/network-security/firepower-6-2-identity-policy-with-authentication-rules-required/m-p/3029818#M998892 2019-03-12T13:24:16Z https://community.cisco.com/t5/network-security/firepower-6-2-identity-policy-with-authentication-rules-required/m-p/3029819#M998893 <P>Have you setup a Cisco User Agent in your domain (or have an alternate source of user to IP mapping like ISE/ISE-PIC available)?</P> <P>http://www.cisco.com/c/en/us/td/docs/security/firepower/621/configuration/guide/fpmc-config-guide-v621/user_identity_sources.html#ID-2225-00000063</P> <P></P> Fri, 19 May 2017 05:06:13 GMT https://community.cisco.com/t5/network-security/firepower-6-2-identity-policy-with-authentication-rules-required/m-p/3029819#M998893 Marvin Rhoads 2017-05-19T05:06:13Z https://community.cisco.com/t5/network-security/firepower-6-2-identity-policy-with-authentication-rules-required/m-p/3029820#M998894 <P>Hello Marvin</P> <P>Thanks for replying. Yes, I already did so. I've got a Cisco User Agent in my domain and the integration is correct. In fact, the users and groups were downloaded succesfully and it can be seen in the Task tab. I think the issue is that the Identify Policy has not been applied correctly. That's why when creating an ACL, the Firepower is not seeing the&nbsp;configured policy.</P> <P></P> <P>Regards,</P> <P>Fernanda</P> <P></P> <P></P> Fri, 19 May 2017 14:19:34 GMT https://community.cisco.com/t5/network-security/firepower-6-2-identity-policy-with-authentication-rules-required/m-p/3029820#M998894 2017-05-19T14:19:34Z https://community.cisco.com/t5/network-security/firepower-6-2-identity-policy-with-authentication-rules-required/m-p/3029821#M998895 <P>That may well be the case. Once you have created an Identity Policy you must explicitly reference it in your Access Control Policy.&nbsp;</P> <P>Here's where you do that:</P> <P><IMG src="https://community.cisco.com/legacyfs/online/media/fmc_acp_with_identity.png" class="migrated-markup-image" /></P> Fri, 19 May 2017 15:00:41 GMT https://community.cisco.com/t5/network-security/firepower-6-2-identity-policy-with-authentication-rules-required/m-p/3029821#M998895 Marvin Rhoads 2017-05-19T15:00:41Z https://community.cisco.com/t5/network-security/firepower-6-2-identity-policy-with-authentication-rules-required/m-p/3029822#M998896 <P>Great!. It worked!.</P> <P>Many thanks.</P> <P></P> Fri, 19 May 2017 19:50:26 GMT https://community.cisco.com/t5/network-security/firepower-6-2-identity-policy-with-authentication-rules-required/m-p/3029822#M998896 2017-05-19T19:50:26Z https://community.cisco.com/t5/network-security/firepower-6-2-identity-policy-with-authentication-rules-required/m-p/3029823#M998897 <P>You're welcome.</P> <P>Thanks for letting us know it's resolved and for the rating.</P> Sat, 20 May 2017 03:48:29 GMT https://community.cisco.com/t5/network-security/firepower-6-2-identity-policy-with-authentication-rules-required/m-p/3029823#M998897 Marvin Rhoads 2017-05-20T03:48:29Z https://community.cisco.com/t5/network-security/firepower-6-2-identity-policy-with-authentication-rules-required/m-p/3767885#M998898 <P>Marvin, I follow your posts very closely and they are almost always precise.&nbsp;</P> <P>&nbsp;</P> <P>Thank you.</P> Fri, 21 Dec 2018 14:24:53 GMT https://community.cisco.com/t5/network-security/firepower-6-2-identity-policy-with-authentication-rules-required/m-p/3767885#M998898 InTheJuniverse 2018-12-21T14:24:53Z