Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
325
Views
0
Helpful
2
Replies

ISE identity and Firepower or WSA

michaellperrin
Level 1
Level 1

‎04-18-2016 06:10 AM - edited ‎03-10-2019 11:41 PM

If I'm using ISE for user identity for WSA or Firepower does it do the same thing as the CDA and just read auth logs from the DC and map IP to user?

I was hoping it could somehow get that info from the the actual auth made against ISE. 

With the CDA we cannot get a user to IP mapping for wireless clients such as iPhones because there is never a AD login event. I was hoping that with ISE if the user authenticates to ISE that we would pass that info to the WSA or Firepower for identity. However from what I'm reading it basically just acts the same as CDA.

Labels:
0 Helpful
2 Replies 2

rick505d3
Level 1
Level 1

‎06-22-2016 05:34 AM

Hi Michaellperrin,

Did you get an answer or found if WSA integrated directly with ISE can get the User-to-IP mappings without deploying CDA's ?

Thanks, 

Rick.

0 Helpful

michaellperrin
Level 1
Level 1
In response to rick505d3

‎06-22-2016 08:03 AM

Hi Rick,

I did get it working in Firepower.  It seems to do the same thing as CDA plus the info from Radius.

I'm getting user to IP mapping from wireless users, which I could not get from CDA.

I haven't tested it with WSA yet because the version we are using doesn't have pxGrid support.

I plan on deploying the newest release in my lab and do some testing 

0 Helpful
Customers Also Viewed These Support Documents