Yasser A. Sayed
Beginner

ISE, FMC and AD

Hello everyone

In our network we have ISE, FMC and AD working, and all workstations have AnyConnect installed for authentication and posture checking.

We are planning to use the FMC for user awareness, so that we are able to make rules and monitor traffic based on the domain user identity (not for FMC administration).

Can this be done by integration between FMC and ISE, using AnyConnect for user/IP info, or by integration between FMC and AD directly?

Or are there any other methods...

Hoping for guidance on the best approach (benefits) to do this.

 

Best regards

3 REPLIES 3
balaji.bandi
VIP Master

FMC is a management tool to manage Firepower or FTD devices?

 

Maybe you are looking to monitor traffic using Firepower in monitor mode? Is this what you are looking for?

 

BB


Yes... I know that FMC manages FTD.
We have some FTDs which are managed by the FMC, consolidating all the rules management for all FTDs.

I am just planning on using FMC to manage FTDs to have rules based on user identity using ISE and pxGrid.

The thing is, do I have to use passive identity to integrate ISE with AD... or do I not have to do that, since all WS have AnyConnect installed?


Ken Stieers
VIP Advocate

This is pretty much the use case for pxGrid.
ISE gathers login/auth info from AD, plus its own, and feeds it to the various clients that need it.
If you're using 802.1X with ISE, you don't necessarily have to point ISE at AD to gather logs to extract passive ID.
You can push auth info to pxGrid clients using ISE's active auth.
