FirePower doesn't work when using an Active Directory Group as a filter in an Access Control Rule

suradech.por
Level 1

I'm doing a PoV of Cisco ASA with FirePower with my customer. I would like to integrate Firepower with MS Active Directory. Everything seems to work properly.


- Installation of the Firepower user agent completed successfully. Connection to AD works fine. Log is GREEN.

- I created a Realm in FireSight and can download users and groups from Active Directory.

- I created an identity policy with passive authentication (using the Realm I've created)

- I can use an AD "user" account as a filter in an access control rule and it works just fine.

However, if I create an access control rule with an AD "Group", the rule never gets matched. I'm sure that the user I test is a member of the group. Connection Events show that the system skips that rule and the traffic is then blocked by the default action below. It looks like Firepower doesn't know that the user belongs to the group.

I'm using

- Firepower user agent for Active Directory v2.3 build 10.

- ASA 5515 Software Version 9.5(2)

- FirePower module version 6.0.0-1005

- Firepower Management Center for VMware

Any suggestions would be appreciated. Thanks in advance.
