Cisco FPR 7.2.5 ACP filter user per AD/LDAP users
04-19-2024 03:10 AM
Hello,
I have a Cisco FPR 7.2.5 managed by FMC.
I want to make an ACP rule and filter group users from AD/LDAP. For example, one group from AD has full Internet access and the other has limited Internet access.
Can I make it without ISE or ISE-PIC? Is it enough to only make the integration with AD/LDAP and create an Identity policy, or do I have to go with ISE-PIC?
Does anybody have the same experience? Please share with us.
Thank you very much.
Labels: Integrated Security, Integrations
04-19-2024 03:22 AM
Yes, you can do that with ISE-PIC. Please check this video on how to integrate ISE with the FMC, and also this post of mine that might be helpful:
Firepower Management Center (FMC) - User Agent transition to ISE-PIC (youtube.com)
Integrate FMC with ISE using pxGrid | Blue Network Security (bluenetsec.com)
04-19-2024 03:31 AM
Thank you very much.
Is it possible to make it without ISE-PIC?
04-19-2024 03:38 AM
I don't believe so, as @Ken Stieers also mentioned. Back in the day we used to have another option, which was a little piece of software we used to install on Windows to share the user-IP mapping, but that was deprecated and replaced with ISE.
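The replies above turn on one point: an identity-based ACP rule needs a user-to-IP mapping from somewhere (the old Windows agent, ISE-PIC, or similar) before a group from the AD/LDAP realm can be matched against traffic. The following Python script is an added illustration of that concept, not Cisco code and not how FMC or ISE-PIC are implemented. It builds a mapping from constructed logon/logoff lines (an assumed, simplified format), looks up the user's AD groups from a constructed group table, and applies toy "full" versus "limited" Internet rules; an IP with no known user falls through to "unknown-user", which is exactly the state the thread says you are in without an identity source.

```python
"""Toy user-to-IP mapping plus group-based access decision (illustration only)."""
import re

# Constructed sample logon audit lines (not real Windows or FMC output).
# Assumed format: <timestamp> <LOGON|LOGOFF> user=<DOMAIN\user> src=<ipv4>
SAMPLE_LOGON_EVENTS = """\
2024-04-19T08:01:12Z LOGON user=CORP\\alice src=10.10.20.15
2024-04-19T08:03:40Z LOGON user=CORP\\bob src=10.10.20.31
2024-04-19T08:15:02Z LOGON user=CORP\\alice src=10.10.20.77
2024-04-19T08:20:55Z LOGOFF user=CORP\\bob src=10.10.20.31
2024-04-19T08:25:10Z LOGON user=CORP\\bob src=10.10.20.40
this line is not an audit event and is skipped
"""

# Constructed AD group membership. In a real deployment this is what the
# FMC realm downloads from AD/LDAP; the group names here are made up.
GROUP_MEMBERS = {
    "Full-Internet": {"CORP\\alice"},
    "Limited-Internet": {"CORP\\bob"},
}

# Toy ACP: (group, action, allowed destination categories). "any" matches all.
ACP_RULES = [
    ("Full-Internet", "allow", {"any"}),
    ("Limited-Internet", "allow", {"business"}),
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<event>LOGON|LOGOFF)\s+"
    r"user=(?P<user>\S+)\s+src=(?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)


def build_ip_user_map(log_text):
    """Return {ip: user} from logon/logoff lines; malformed lines are ignored.

    A user may be active on several hosts at once, so a LOGON only binds the
    new IP; a LOGOFF removes the binding only if that IP still belongs to the
    same user (a later LOGON by someone else on that IP must not be undone).
    """
    mapping = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, user, event = m["ip"], m["user"], m["event"]
        if event == "LOGON":
            mapping[ip] = user
        elif event == "LOGOFF" and mapping.get(ip) == user:
            del mapping[ip]
    return mapping


def groups_for(user):
    """All constructed AD groups the user belongs to."""
    return {group for group, members in GROUP_MEMBERS.items() if user in members}


def decide(ip, category, ip_user_map):
    """Evaluate the toy ACP for traffic from ip to a destination category."""
    user = ip_user_map.get(ip)
    if user is None:
        # No identity for this source: a group-based rule cannot match at all,
        # which is the gap the thread is describing without an identity source.
        return "unknown-user"
    user_groups = groups_for(user)
    for group, action, categories in ACP_RULES:
        if group in user_groups and ("any" in categories or category in categories):
            return action
    return "block"


if __name__ == "__main__":
    ip_map = build_ip_user_map(SAMPLE_LOGON_EVENTS)
    for ip, user in sorted(ip_map.items()):
        print(f"{ip} -> {user} {sorted(groups_for(user))}")
    for ip, cat in [("10.10.20.15", "social"), ("10.10.20.40", "social"),
                    ("10.10.20.40", "business"), ("10.10.20.31", "business")]:
        print(f"{ip} to {cat}: {decide(ip, cat, ip_map)}")
```

The design point is in the LOGOFF branch: the mapping must be keyed by IP and checked against the user before removal, otherwise a stale logoff from a host that has since been reassigned would strip the identity of the new user and silently turn a group-based allow into a miss.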
04-19-2024 03:43 AM
When they deprecated it they gave away ISE-PIC licenses for a while. I'm not sure if that's still the case.
WSA/ASA used to have the CDA, which did the same thing... Umbrella VAs do it too.
04-19-2024 03:52 AM
Yeah, that's right. I'd created a post about it a while ago; I didn't know about the free licenses though.
Cisco Firepower User Agent | Blue Network Security (bluenetsec.com)
04-19-2024 03:36 AM
That is ISE-PIC or ISE.
04-19-2024 04:26 AM
https://rayka-co.com/lesson/cisco-ftd-network-discovery-policy/
This can be done with active Nmap.
The active Nmap scan can be used in the ACP to give users access to network resources according to the result of the scan.
MHM
