ASA Firepower External Radius Authentication

milin160791 · ‎12-28-2015

Dear Team,

I have deployed ASA 5515-X with Sourcefire module.

When I am configuring Radius for External Authentication(Device Administration) I am unable to see the fallback mechanism in Defence Centre. Also I checked that after configuring Radius Authentication when I am logging back again to Defence center at that time I am able to login with Radius Credentials as well as local database credentials. So, If I am able to login with both the credentials directly (without unreachability of Radius) then what is the meaning of External Authentication ?

I am confused here, can anyone tell me that how exactly External Authentication mechanism works in Defense center ?

Thanks,

Milin M. Mistry

Andre Neethling · ‎12-29-2015

I don't think defense Center can offer those options that the ASA/IOS can. You can only set authentication sources, but this does not disable the LOCAL database auth like it would with IOS/ASA.

Marvin Rhoads · ‎12-29-2015

Andre is correct. External authentication does not disable the local account or restrict it to fallback only scenarios. It would make sense if that were the case but it isn't.

The concept is that only one or very few users have a local account - the system administrator(s). Even they don't normally use the local account and instead use their external authentication credentials. Other users such as operators or analysts are exclusively externally authenticated and do not have a local account.