I wanted to implement FirePOWER rules based on AD groups, so I installed and configured the FirePOWER User Agent. But it seems like the dual-stack network ruins this solution: the AD authentication that is picked up by the User Agent and sent to FireSIGHT is mostly the IPv6 address (preferred by Windows clients), and the IPv4 address on the same workstation is not registered to the user.
So if any IPv4 traffic comes from the workstation of this user, then FirePOWER only has a No Authentication/Unknown log for this traffic. Any rules using the AD user (or an AD group the user belongs to) will not trigger.
I guess this is an inherent problem with the AD authentication that the User Agent uses; it cannot find the corresponding IPv4 address the workstation is using.
Will ISE solve this? Will ISE have both IPv4 and IPv6 addresses logged for a user when they register on the network?
Or is there no solution for this in a dual stack environment?