cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Ask the Expert- Smart Licensing in Enterprise Switches and Routers
146
Views
0
Helpful
0
Replies
Highlighted
Beginner

FirePOWER User Agent and dual stack IPv4+IPv6

I wanted to implement FirePOWER rules based on AD groups so I installed and configured the FirePOWER User Agent. But it seems like the dual stack network ruins this solution, the AD authentication that is picked up by the User Agent and sent to FireSIGHT is mostly the IPv6 address (preferred by Windows clients) and the IPv4 address on the same workstation is not registered to the user.

 

So if any IPv4 traffic comes from the workstation of this user then FirePOWER only have a No Authentication/Unknown log for this traffic. Any rules using the AD user (or a AD group the user belongs to) will not trigger.

 

I guess this is an inherent problem with the AD authentication that the User Agent use, it can not find the corresponding IPv4 address the workstation is using.

 

Will ISE solve this? Will ISE have both IPv4 and IPv6 addresses logged for a user when they register on the network?

 

Or is there no solution for this in a dual stack environment?

 

Roger

 

Everyone's tags (3)