Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1507
Views
0
Helpful
3
Replies

Fire Power 7010.Integration with AD.

n.avramenko87
Level 1
Level 1

‎09-14-2020 12:02 AM

Good morning! After restore from Restore disk i have problems with configuration. (FP 6.1)
My main problem - integration with Active Directory. (I have windows 2019 AD and I read about Supported Servers for Realms - 2012).
1.So, where can see log on firepower device?
2.First I have to configure the agent on AD Server or do realm configuration on fire power? Is it important?

 

fp-1.PNGfp-2.PNG

 

Thank you!

 

 

0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-14-2020 01:12 AM - edited ‎09-14-2020 01:13 AM

There are two loosely related concepts you are talking about.

1. Realm configuration is used to query a realm (AD or LDAP) for users and groups so that they are available to you for use in policies.

2. The AD Agent (being deprecated but will work with Firepower though version 6.5/6.6) is used to query your Domain Controller(s) for the mapping of username to IP address. Once it is working (which your screen shot shows it is not), it can be integrated into FMC as an Identity Source. It will allow FMC to show you the username associated with an event that would otherwise only know the IP address of the affected computer. It will also allow FMC to know the username in the event that you have an integrated realm with a policy that uses username or group membership as a policy element.

0 Helpful

n.avramenko87
Level 1
Level 1

‎09-14-2020 01:50 AM - edited ‎09-14-2020 02:39 AM

Thank you for information!

1.So, i want to solve my problems and how  i understand - i need to find logs, bacause I do not understand why I ca not connect use realm configuration.

2. Can I use agent on non-active directory domain server?

Thanks a lot!!!

 

Troubleshooter:

3.PNG

0 Helpful

n.avramenko87
Level 1
Level 1
In response to n.avramenko87

‎09-14-2020 04:51 AM

A solved my first problem with agent. I need add localhost instead ip.

Second problem - Servers for Realms did not work (

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card