cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

715
Views
0
Helpful
0
Replies
cg3
Beginner
Beginner

AD Agent and Firepower - Users not showing in any groups

Hi All,

 

We have AD agents used on windows controllers and rules in the FIrepower to allow users in certain groups to get to certain internet sites. 

 

Since initial implementation of this we have seen issues where users loose access to the internet and get access denied page when they try to access anything. They say they are just browsing the internet and suddenly they are presented with a page saying they are not authorized and cant access anything. 

 

On checking the logs for the user I cant see any user information or group information, just an IP. 

 

Has anyone seen similar issues with Firepower AD agent?

 

If i have the user do a reboot of their system and log back in it seems to resolve the issue. 

 

Does anyone have any tips on how you can narrow down if it is an issue on the Domain Controller side and the Agent or something within Firepower itself? I would like to get some useful information for cisco TAC while its happening, but i also need to fix it fast for the user. 

 

It just seems very random - users in different locations, at different times of day, in different AD groups, no changes made on our end.

 

thanks

 

0 REPLIES 0
Content for Community-Ad