Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
885
Views
0
Helpful
0
Replies

AD Agent and Firepower - Users not showing in any groups

cg3
Level 1
Level 1

‎10-18-2018 07:27 PM - edited ‎03-12-2019 07:02 AM

Hi All,

 

We have AD agents used on windows controllers and rules in the FIrepower to allow users in certain groups to get to certain internet sites. 

 

Since initial implementation of this we have seen issues where users loose access to the internet and get access denied page when they try to access anything. They say they are just browsing the internet and suddenly they are presented with a page saying they are not authorized and cant access anything. 

 

On checking the logs for the user I cant see any user information or group information, just an IP. 

 

Has anyone seen similar issues with Firepower AD agent?

 

If i have the user do a reboot of their system and log back in it seems to resolve the issue. 

 

Does anyone have any tips on how you can narrow down if it is an issue on the Domain Controller side and the Agent or something within Firepower itself? I would like to get some useful information for cisco TAC while its happening, but i also need to fix it fast for the user. 

 

It just seems very random - users in different locations, at different times of day, in different AD groups, no changes made on our end.

 

thanks

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card