cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1834
Views
5
Helpful
2
Replies

Connection event shows no user but user shows in active sessions

ryan14
Level 1
Level 1

In Firepower connection events, I see there are numerous connections that do not have any user. If I go to connection events and search the IP the user has, the user field shows no data. If I go to active sessions and search the same IP address, it shows the user. How do I go about getting the user to be populated in the connection events? I'm pretty sure this worked in earlier versions of Firepower.

 

Running Firepower 6.7 and ISE 2.6 patch 6.

2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

Did you check your realm integration? Make sure you are able to download users and groups. That's in addition to your ISE identity source.

I had this issue recently with a Firepower 6.7. We ended up having to change the LDAP user name to not use the LDAP style DNs and instead use user@company.com style.

Thanks for that info. Yes I have the realm configured (when downloading it says it downloaded hundreds of users). The ldap user we have is also in the user@domain format as you described in the FMC Directory Username * field.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: