Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
325
Views
0
Helpful
1
Replies

Identity policy using LDAP with SFR 6.2

Mario Manzano
Level 1
Level 1

‎01-30-2017 12:01 PM - edited ‎03-12-2019 01:51 AM

Hello everyone!

Thank you in advanced for reading!

We have a NGFW with a sensor running version 6.2 that presents with a problem, seemingly at random. The FW, is configured to authenticate AD users using the CISCO Agent, installed on a server which has links to both our primary and backup controllers. All is working on the agent side, it has the correct mapping, ip address, refreshes as expected, etc.

We've had instances where the user can NOT browse, the sensor shows an "unknown" user (although shows in the events as "allowed"), but the FW does not prompt for credentials to the client, nor refreshes or sees the mapping in question; internet explorer keeps spinning. However, by logging on as someone else, it starts working fine with that other users' credentials, without prompting; it just goes.

How can this be tracked? How to know what the problem is, or where it resides? .... Changing IP addresses does not solve it, resetting the password of the original user with the problem does not solve it... I'm confused as to where to look and what can be causing this.

Thank you and have a great day!

Labels:
0 Helpful
1 Reply 1

Mario Manzano
Level 1
Level 1

‎02-01-2017 05:51 AM

... UPDATE...

As it turns out, I was looking in all the right places; I ended up contacting TAC and they discovered, after dropping a script that the defense center is not syncing with the sensor. This may be a bug.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card