Firepower URL Filtering Policy doesn't recognize users from AD
10-24-2018 08:10 AM - edited 03-12-2019 07:03 AM
I have a Firepower Management Center deployed with some basic URL filtering enabled. When I apply URL filtering via IP, the filtering applies, but when I attempt to filter via domain user instead, the filter never applies.
I've created the Realm, I've been able to download the users, I've created the Identity Policy (with passive authentication) and the users are available in the access control rules. Am I missing something?
- Labels: NGIPS
10-27-2018 04:31 PM
Did you install the User Agent and connect it to AD and Firepower Management Center or connect Firepower with ISE?
https://www.cisco.com/c/en/us/td/docs/security/firesight/user-agent/23/config-guide/Firepower-User-Agent-Configuration-Guide-v2-3/Intro.html
br, Micke
11-01-2018 07:19 AM
Yes, that's actually the document that I followed to perform the initial configuration. The FMC is able to pull the usernames/groups from AD, but it seems like it can't look up the user account in the rule and it just bypasses it.
11-02-2018 07:36 AM
Hi,
Try to create a new rule on top with AD username and add the URL categories you would like to filter.
-Abheesh
05-10-2021 03:14 AM
It does not help...
05-10-2021 03:14 AM
I can see that the question is old, but the problem is old. Did you by any chance find the solution in the meantime? If so, can you post the solution?
Regards,
D
