Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1168
Views
0
Helpful
0
Replies

Firepower 6.3.x Passive Identity policy load on nodes and best practice

giovanni.augusto
Level 1
Level 1

‎04-29-2019 03:28 AM - edited ‎02-21-2020 09:05 AM

Hi Everyone,

 

I tested successfully in a Lab to have Passive Identity information shared via PxGrid between ISE 2.6 and FMC 6.3.

 

What I would like to know is the following

 

1) load that Identity policy can have on a Firepower node (for both ASA+FirePOWER and FTD) and if fine tuning of rules in Identity policy is a must to avoid an impact on the nodes and FMC

2) While configuring a realm on FMC, is there any difference if all security groups are added rather than just adding the ones that will be used for any access rule? is the impact going to be on the FMC or on the Firepower nodes?

3) In case of limiting the number of groups downloaded from the realm configuration, is that going to impact the "visibility" of the passive authentication or just the option to use the SGs in access rules? (practically, if I don't have a SG imported in the realm configuration, can I still see in FMC when a user from that SG is making traffic or that user will not be detected ?)

 

Any other suggestion are welcome in case anyone already implemented a scenario like this.

 

Thanks Everyone

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card