12-09-2019 09:43 AM - edited 02-21-2020 09:45 AM
Can someone please confirm if the Firepower User Agent 2.4 supports TLSv1.2? I disabled TLSv1.0 on my Windows Domain Controller 2016 and I'm not getting any mappings anymore. Thank you.
12-09-2019 07:11 PM
User Agent to FMC should support strong ciphers.
Is your User Agent running on the DC itself?
12-10-2019 06:32 AM
01-06-2020 11:17 AM
Thank you for your reply and Happy New Year!
The article you referred me to has no mention of TLS v1.2 support for User Agent, which is the question I had. Would you know if this is supported in 6.4?
12-10-2019 07:13 PM
I would recommend reaching out to Cisco TAC to have this verified, but the last time I checked the User Agent only supported TLSv1.0.
Thank you for rating helpful posts!
04-10-2020 07:07 AM
I'm seeing a similar issue. According to this, no. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve30062/?rfs=iqvred
I'm flabbergasted by the suggested workaround. Is this a push to get people off the FREE User Agent and require a licensed ISE product...?
CSCve30062
Symptom:
User agent cannot communicate with the Firepower Management Center. The following error is displayed on the user agent:
[The client and server cannot communicate, because they do not possess a common algorithm]
Conditions:
The server hosting the user agent has TLS 1.0 disabled.
Workaround:
Enable TLS 1.0 on the machine where user agent is running. If security policy forbids enabling TLS 1.0 on that machine, install the user agent on a different machine. (For security reasons, you might not want the TLS 1.0 to run on your Active Directory server, for example.)
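To confirm that a host matches the condition in the bug text above, the Schannel protocol settings can be read from the registry. This is an added example, not part of the original post or Cisco's bug text; the function name `Get-SchannelProtocolState` is hypothetical, and it assumes TLS was disabled through the standard Schannel `Protocols` registry keys. The page does not say which role the user agent uses, so both Client and Server are reported.

```powershell
# Added example: report Schannel TLS settings on the machine running the user agent.
$SchannelBase = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    param(
        [string[]]$Protocol = @('TLS 1.0', 'TLS 1.1', 'TLS 1.2'),
        [string[]]$Role     = @('Client', 'Server')
    )
    foreach ($p in $Protocol) {
        foreach ($r in $Role) {
            $key = Join-Path (Join-Path $SchannelBase $p) $r
            $enabled = $null
            $disabledByDefault = $null
            if (Test-Path -LiteralPath $key) {
                $props = Get-ItemProperty -LiteralPath $key
                $enabled = $props.Enabled                      # 0 = off, non-zero = on
                $disabledByDefault = $props.DisabledByDefault  # 1 = off unless app opts in
            }
            # No key or no value means the OS default for that protocol applies.
            $state = if ($enabled -eq 0) { 'Disabled' }
                     elseif ($null -ne $enabled) { 'Enabled' }
                     elseif ($disabledByDefault -eq 1) { 'Disabled by default' }
                     else { 'OS default' }
            [pscustomobject]@{
                Protocol          = $p
                Role              = $r
                Enabled           = $enabled
                DisabledByDefault = $disabledByDefault
                State             = $state
            }
        }
    }
}

$report = @(Get-SchannelProtocolState)
$report | Format-Table -AutoSize

# The bug's stated condition: TLS 1.0 disabled on the host running the user agent.
$tls10Off = @($report | Where-Object { $_.Protocol -eq 'TLS 1.0' -and $_.State -like 'Disabled*' })
if ($tls10Off.Count -gt 0) {
    Write-Output ("TLS 1.0 is disabled for role(s): {0}. Host matches the bug's stated condition." -f ($tls10Off.Role -join ', '))
} else {
    Write-Output 'TLS 1.0 is not explicitly disabled in Schannel on this host.'
}
```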
04-29-2020 11:31 AM
It definitely is. The user agent is going out of support and our fixes are to either re-enable TLS 1.0 (can't happen) or utilize ISE-PIC. We don't currently utilize ISE in our environment, so in order to have this functionality we would have to bring it in.
04-29-2020 12:52 PM
Yes, that is my understanding as well now. I was informed by TAC that ISE-PIC was the recommended approach... either that or replace with Palos :)