cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
259
Views
0
Helpful
3
Replies
Beginner

Cisco ISE logs via AD User-Agent

Hi

 

I am collecting User-IP mapping via User-Agent quarrying the AD servers. But my wireless users authenticate via ISE and I don't see those uses in FMC. Is there a way to configure FMC to get logs from ISE (without PXGrid) or configure something on Windows Auditing to log Cisco ISE authentications?

 

Thanks

3 REPLIES 3
Hall of Fame Guru

Re: Cisco ISE logs via AD User-Agent

For the ISE-authenticated users you should add ISE as an Identity source for your FMC. It does require using pxGrid.

Beginner

Re: Cisco ISE logs via AD User-Agent

In our case not all the devices uses ISE, like wired client do not use ISE.

I believe I am restricted to use either ISE or user-agent, is there any way audit and log authentication logs from ISE to AD audit logs.

Hall of Fame Guru

Re: Cisco ISE logs via AD User-Agent

I have not tested the results but you can configure both ISE and User Agent identity sources for a given FMC.

More details on identity sources can be found here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/introduction_to_network_discovery_and_identity.html#concept_6C9FF477EEB643FD80818C0FAA91DAB3