04-19-2024 03:10 AM
Hello,
I have a Cisco FPR 7.2.5 managed by FMC.
I want to make an ACP rule and filter user groups from AD/LDAP. For example, one group from AD has FULL internet access and the other has Limited internet access.
Can I make it without ISE, ISE-PIC? Is it enough to only integrate with AD/LDAP and create an identity policy, or do I have to go with ISE-PIC?
Does anybody have the same experience? Please share with us.
Thank you very much.
04-19-2024 03:22 AM
Yes you can do that with ISE-PIC, please check this video of how to integrate ISE with the FMC, and also this post of mine that might be helpful:
Firepower Management Center (FMC) - User Agent transition to ISE-PIC (youtube.com)
Integrate FMC with ISE using pxGrid | Blue Network Security (bluenetsec.com)
04-19-2024 03:31 AM
Thank you very much.
It is possible to make it without ISE-PIC.
04-19-2024 03:38 AM
I don't believe so as @Ken Stieers also mentioned. Back in the day we used to have another option which was a little software we used to install on Windows to share the user-IP mapping, but that was deprecated and replaced with ISE.
04-19-2024 03:43 AM
04-19-2024 03:52 AM
Yeah, that's right. I'd created a post about it a while ago; I didn't know about the free licenses though.
Cisco Firepower User Agent | Blue Network Security (bluenetsec.com)
04-19-2024 03:36 AM
04-19-2024 04:26 AM
https://rayka-co.com/lesson/cisco-ftd-network-discovery-policy/
This can be done by active nmap.
The active nmap can be used in ACP to make users access network resources according to the result of the scan.
MHM