I wanted to implement FirePOWER rules based on AD groups, so I installed and configured the FirePOWER User Agent. But it seems like the dual-stack network ruins this solution: the AD authentication that is picked up by the User Agent and sent to FireSIGHT is mostly the IPv6 address (preferred by Windows clients), and the IPv4 address on the same workstation is not registered to the user.
So if any IPv4 traffic comes from the workstation of this user, then FirePOWER only has a No Authentication/Unknown log for this traffic. Any rules using the AD user (or an AD group the user belongs to) will not trigger.
I guess this is an inherent problem with the AD authentication that the User Agent uses: it cannot find the corresponding IPv4 address the workstation is using.
Will ISE solve this? Will ISE have both IPv4 and IPv6 addresses logged for a user when they register on the network?
Or is there no solution for this in a dual stack environment?
Roger