Cisco Community
English
Register
Change to content subject titles: starting July 28 there is a limit on the number of characters to use - LEARN MORE HERE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Register for SecureX webinars to learn about our newest integrations and features.

1170
Views
5
Helpful
2
Replies
ryan14
Beginner
Beginner
‎01-05-2021 12:57 PM
‎01-05-2021 12:57 PM

Connection event shows no user but user shows in active sessions

In Firepower connection events, I see there are numerous connections that do not have any user. If I go to connection events and search the IP the user has, the user field shows no data. If I go to active sessions and search the same IP address, it shows the user. How do I go about getting the user to be populated in the connection events? I'm pretty sure this worked in earlier versions of Firepower.

 

Running Firepower 6.7 and ISE 2.6 patch 6.

Labels:
0 Helpful
2 REPLIES 2
Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend
‎01-14-2021 05:33 AM
‎01-14-2021 05:33 AM

Did you check your realm integration? Make sure you are able to download users and groups. That's in addition to your ISE identity source.

I had this issue recently with a Firepower 6.7. We ended up having to change the LDAP user name to not use the LDAP style DNs and instead use user@company.com style.

ryan14
Beginner
Beginner
In response to Marvin Rhoads
‎01-14-2021 11:45 AM
‎01-14-2021 11:45 AM

Thanks for that info. Yes I have the realm configured (when downloading it says it downloaded hundreds of users). The ldap user we have is also in the user@domain format as you described in the FMC Directory Username * field.

0 Helpful
Latest Contents
802.1X Switch Configuration Summarized
Created by meddane on 07-30-2021 11:03 AM
3
5
3
5
Radius server configuration for 802.1XServer radius test1Address ipv4 10.1.1.1Key 1234!Server radius test2Address ipv4 10.1.1.2Key 1234!aaa group server radius TEST-grserver name test1server name test2!aaa authentication dot1x default group TEST-graaa aut... view more
GRE Over IPSEC vs IPSEC VTI and Tunnel VS Transport Modes De...
Created by meddane on 07-30-2021 10:55 AM
5
5
5
5
 GRE Over IPSecIPSec VTI 
Demystifying NAT Traversal In IPSEC VPN With Wireshark
Created by meddane on 07-30-2021 10:35 AM
0
5
0
5
One of the biggest concept in VPN Technologies is NAT Traversal, like NAT Traversal in VOIP deployment with SIP Protocol, the history is always inside the payload to solve the Incompatibility between NAT and IPSEC like the Incompatibility between SIP prot... view more
Orbital Query Corner - Update
Created by brmcmaho on 07-28-2021 09:43 AM
1
5
1
5
"What is this 'Orbital Query Corner' thing", you ask?  It's the name of an occasional series of articles, each discussing one particular point or use case for the Orbital advanced search feature that is available in Cisco Secure Endpoint starting at ... view more
Orbital Query Corner - Checking Windows ACLs for CVE-2021-36...
Created by brmcmaho on 07-27-2021 08:38 AM
0
5
0
5
0. The Issue On 20 July 2021, Microsoft issued an alert for CVE-2021-36934 "Windows Elevation of Privilege Vulnerability". [1]  The problem in this case is an overly permissive Access Control List (ACL) applied to system files, including the Se... view more
Content for Community-Ad
Additional Cisco Threat Response Resources


August's Community Spotlight Awards