Hello Michael,

michael.vanballegoie1 · ‎06-08-2016

I have a problem with Cisco Firepower users not showing on ASA FirePOWER Reporting Page.

We have LDAP enabled, do we need to do more to be able to see the users in the reporting page?

Marvin Rhoads · ‎06-08-2016

LDAP and a connection to your AD domain allows you to retrieve groups and their membership. You can then use those objects in policies.

It does not map usernames to IP addresses. for that you need an identity source. The potential sources are Sourcefire User Agent, ISE or a captive portal. You also should have an identity policy.

Do you have any of those configured?

michael.vanballegoie1 · ‎06-09-2016

Thanks for the feedback, for now i only enabled LDAP, im new to the FirePOWER Setup

1. i need to install sourcefire agent on DC or any other Domain computer?

2. create a identity policy, how to that?

Jetsy Mathew · ‎06-09-2016

Hello Michael,

You can install user agent on any server (preferably AD )but make sure that server should be able to give the proper admin privileges to the user which manages the Firepower user agent and device also should be switched on .

User Agent Installation guide :-

http://www.cisco.com/c/dam/en/us/td/docs/security/firesight/user-agent/FireSIGHT-User-Agent-Configuration-Guide-v2-2.pdf

Steps to create identity policy :-

http://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Identity_Policies_and_Realms.html

pfa document for further refrence.

Rate if this answer helps you.

Regards

Jetsy

Jetsy Mathew · ‎06-08-2016

Hello Michael,

If you need to use user based access control policy and keep filter accordingly you must install the Firepower User agent with your AD and enable the communication in between.

Regards

Jetsy

michael.vanballegoie1 · ‎06-09-2016

Thanks for the feedback, for now i only enabled LDAP, im new to the FirePOWER Setup

1. i need to install sourcefire agent on DC or any other Domain computer?

2. create a identity policy, how to that?