Cisco ISE logs via AD User-Agent

Sakun Sharma · ‎10-22-2019

Hi

I am collecting User-IP mapping via User-Agent quarrying the AD servers. But my wireless users authenticate via ISE and I don't see those uses in FMC. Is there a way to configure FMC to get logs from ISE (without PXGrid) or configure something on Windows Auditing to log Cisco ISE authentications?

Thanks

Marvin Rhoads · ‎10-22-2019

For the ISE-authenticated users you should add ISE as an Identity source for your FMC. It does require using pxGrid.

Sakun Sharma · ‎10-22-2019

In our case not all the devices uses ISE, like wired client do not use ISE.

I believe I am restricted to use either ISE or user-agent, is there any way audit and log authentication logs from ISE to AD audit logs.

Marvin Rhoads · ‎10-22-2019

I have not tested the results but you can configure both ISE and User Agent identity sources for a given FMC.

More details on identity sources can be found here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/introduction_to_network_discovery_and_identity.html#concept_6C9FF477EEB643FD80818C0FAA91DAB3