Hi.
I have passive authentication running on the network.
Firepower works through the Active Directory server and the User Agent.
Normally, the user policy works correctly based on the user information from the AD server.
I have downloaded only one of the several groups from the AD server and am using it for the user policy.
If the AD server adds a new user to that user group, the user policy is applied normally.
However, if I remove a user from the user group on the AD server and then add it again, the user policy is not applied.
In this state, if I download the users from Firepower, I see that the correct user is downloaded, but the user policy does not apply.
(The user is displayed correctly in the user item of the access list, the login event is displayed in the user activity, and the ID and IP are correctly mapped in the active sessions.)
But if I remove the AD server configuration from Firepower and re-insert it, the user policy is applied.
Or, if I wait about 3 hours, the user policy is applied.
Has anyone ever seen this issue?
Is there any way to make a change to a user group on the AD server take effect immediately in Firepower?
What is the logic Firepower uses to get the group policy?
Thanks.