cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Register for SecureX webinars to learn about our newest integrations and features.


230
Views
0
Helpful
2
Replies
Highlighted
Beginner

Connection event shows no user but user shows in active sessions

In Firepower connection events, I see there are numerous connections that do not have any user. If I go to connection events and search the IP the user has, the user field shows no data. If I go to active sessions and search the same IP address, it shows the user. How do I go about getting the user to be populated in the connection events? I'm pretty sure this worked in earlier versions of Firepower.

 

Running Firepower 6.7 and ISE 2.6 patch 6.

2 REPLIES 2
Highlighted
Hall of Fame Guru

Did you check your realm integration? Make sure you are able to download users and groups. That's in addition to your ISE identity source.

I had this issue recently with a Firepower 6.7. We ended up having to change the LDAP user name to not use the LDAP style DNs and instead use user@company.com style.

Highlighted

Thanks for that info. Yes I have the realm configured (when downloading it says it downloaded hundreds of users). The ldap user we have is also in the user@domain format as you described in the FMC Directory Username * field.

Content for Community-Ad
Additional Cisco Threat Response Resources


August's Community Spotlight Awards