Cisco Active Directory agent - no hits on FMC

ohareka70
Level 3

Hello,

I have created my Realm and it's enabled. I have added the directory server from the Active Directory domain as an agent and it's reporting as working OK. I have the Cisco agent installed on the agent server.

I have created the identity policy and identity rule.
I have created the access policy and two test control rules.

I have tested my ruleset (access policy built). I am trying to get an interactive block on users using RDP or Dropbox, but I don't see any hits on the FMC and it's not blocking anything. I am not seeing anything blocked in connection events.

Any advice is welcome.
1 Accepted Solution

Hi,

Can you test by removing the user group from the policy? How is this test user connected: through a domain PC on the wired network, or wirelessly from a domain PC/other device?

I suspect the User AD agent is not getting authentication logs for this user. I find this usually happens when the user is not using a domain PC on the wired network with reachability to AD. If Policy 7 works without the user, then this might be the case. Can you update the policy without the user and test with the user on a domain-provided PC on the wired network?

7 Replies

Muhammad Awais Khan
Cisco Employee

Hi,

Can you please share a snapshot of your access control policy?

Here you go - thanks 

Hi,

You have configured policies 8 & 9 for URL blocking. For Policy 8, I can see you defined a source network. Everything else looks fine, but can you confirm the user belongs to the source network defined in the snapshot?

For Policy 9, I don't think it is going to work unless you configure SSL decryption.

If I could get Policy 7 working I would be happy. I am a member of the telecomms group in Active Directory and my IP is in the 10.230.1.64 range. But it is not blocking me when I try to log in to a server on the 192.168.12.0 network. It's not showing anything in the logs. I am not too sure what I am missing from my setup.

Hi,

Can you test by removing the user group from the policy? How is this test user connected: through a domain PC on the wired network, or wirelessly from a domain PC/other device?

I suspect the User AD agent is not getting authentication logs for this user. I find this usually happens when the user is not using a domain PC on the wired network with reachability to AD. If Policy 7 works without the user, then this might be the case. Can you update the policy without the user and test with the user on a domain-provided PC on the wired network?
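As an added illustration of the diagnosis above (this is not code from the thread or from Cisco), the following Python model shows why a rule carrying a user condition produces no hit when the agent has never seen a logon for the source IP, and why re-testing without the user condition isolates the problem. The event format, group names, subnet mask and destination host are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample of DC security-log events, the raw material the agent turns into
# user-to-IP bindings: 4624 = successful logon (carries the client IP), 4634 = logoff.
SAMPLE_EVENTS = [
    {"id": 4624, "user": "CORP\\alice", "ip": "10.230.1.70"},
    {"id": 4624, "user": "CORP\\bob", "ip": "10.230.2.15"},
    {"id": 4634, "user": "CORP\\carol", "ip": "10.230.1.90"},  # logoff only: no binding
]
# Hypothetical group membership, standing in for the groups downloaded with the realm.
GROUPS = {"CORP\\alice": {"telecomms"}, "CORP\\bob": {"finance"}}

def build_user_ip_map(events):
    """Only successful logons produce a binding; an IP with no 4624 stays unmapped."""
    return {e["ip"]: e["user"] for e in events if e["id"] == 4624}

@dataclass
class Rule:
    name: str
    action: str
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    dst_port: Optional[int] = None
    user_group: Optional[str] = None

def rule_matches(rule, conn, user_ip_map):
    """Network/port conditions first; a user condition needs the source IP bound to a group member."""
    if rule.src_net and ipaddress.ip_address(conn["src"]) not in ipaddress.ip_network(rule.src_net):
        return False
    if rule.dst_net and ipaddress.ip_address(conn["dst"]) not in ipaddress.ip_network(rule.dst_net):
        return False
    if rule.dst_port is not None and conn["dport"] != rule.dst_port:
        return False
    if rule.user_group:
        user = user_ip_map.get(conn["src"])  # None when the agent never saw a logon from this IP
        if user is None or rule.user_group not in GROUPS.get(user, set()):
            return False
    return True

def rdp_decision(src_ip, with_user_condition=True):
    """RDP connection vs. a stand-in for the thread's Policy 7 (mask and group name are assumed)."""
    rule = Rule("Policy 7", "block", "10.230.1.64/26", "192.168.12.0/24", 3389,
                "telecomms" if with_user_condition else None)
    conn = {"src": src_ip, "dst": "192.168.12.10", "dport": 3389}
    if rule_matches(rule, conn, build_user_ip_map(SAMPLE_EVENTS)):
        return rule.name, rule.action
    return "default", "allow"  # no hit on Policy 7, so nothing shows as blocked
```

The source 10.230.1.90 sits inside the rule's network but has no logon binding, so the rule with the user condition never fires; dropping the user condition makes the same connection hit, which is exactly the test suggested above.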

Hi,

The user group is from the policy and it's connected through a domain PC on the wired network.

For now I am happy that the FTD can block access to HTTP and tcp/3389 if required (I tested it OK).
I just need to get the AD Realm bit working with the correct downloaded users/groups and retest.

I'll leave HTTPS traffic for now; I won't be using SSL encryption for another 3-6 months.

Thanks for your advice.

Much appreciated.

Glad to hear that it worked out for you. Good luck with the rest of the tests. Reach out to the community if you face further issues :)
