11-15-2017 11:55 AM - edited 02-21-2020 10:39 AM
Team,
If ISE PIC is configured to only receive identity information via syslogs.
If I configure ISE PIC to send this syslog-learned identity information to the Firepower Management Center, will the FMC be able to create policies based on these identities?
Or can the FMC only create user-based policies based on ISE PIC identities learned from AD via WMI or the ISE PIC AD agent?
Thanks,
-Dan
11-17-2017 06:01 PM
FMC can only consume Passive Identity learned from AD. The method should not matter; for the integration to work, the following is what is required currently.
- On the FMC, a Realm is configured for the Active Directory with domain and other information.
- The session received from ISE-PIC/ISE should have a domain that matches the realm domain configured on the FMC.
- The session received from ISE-PIC/ISE should have a username that is one of the users in the Active Directory Realm.
LDAP and other sources are in our future roadmap.
11-15-2017 06:54 PM
I forwarded your inquiry to the teams.