I wanted to implement FirePOWER rules based on AD groups, so I installed and configured the FirePOWER User Agent. But it seems like the dual stack network ruins this solution: the AD authentication that is picked up by the User Agent and sent to FireSIGHT is mostly the IPv6 address (preferred by Windows clients), and the IPv4 address on the same workstation is not registered to the user.
So if any IPv4 traffic comes from the workstation of this user, then FirePOWER only has a No Authentication/Unknown log for this traffic. Any rules using the AD user (or an AD group the user belongs to) will not trigger.
I guess this is an inherent problem with the AD authentication that the User Agent uses: it cannot find the corresponding IPv4 address the workstation is using.
Will ISE solve this? Will ISE have both IPv4 and IPv6 addresses logged for a user when they register on the network?
Or is there no solution for this in a dual stack environment?
I want to log in to a MikroTik router through AAA (Cisco ACS), and I have added the MikroTik RADIUS attributes to Cisco ACS, but it's not working. Can anybody help me with this issue? If someone has configured it, kindly show how I should configure it.