Solved: Re: Firepower User Agent Communicating Ports on AD Firewall

kostasthedelegate · ‎02-22-2021

Hello,

Is there a guide that states the ports that need to be open in order for the user agent to communicate with an AD controller.

I am interested in the firewall of the server.

Tanks and regards,

Konstantinos

Rob Ingram · ‎02-22-2021

@kostasthedelegate

There isn't much information...but it looks like TCP/135 (used by DCOM) is required to each DC. I'd suggest taking a packet capture or running netstat on the DC and double checking the communication ports.

Bear in mind, the Firepower User Agent is EOL and not supported in FMC from version 6.7. Recommendation to migrate to ISE or ISE-PIC.

https://www.cisco.com/c/en/us/td/docs/security/firesight/user-agent/24/config-guide/Firepower-User-Agent-Configuration-Guide-v2-4/Intro.html#56246

View solution in original post

Rob Ingram · ‎02-22-2021

@kostasthedelegate

There isn't much information...but it looks like TCP/135 (used by DCOM) is required to each DC. I'd suggest taking a packet capture or running netstat on the DC and double checking the communication ports.

Bear in mind, the Firepower User Agent is EOL and not supported in FMC from version 6.7. Recommendation to migrate to ISE or ISE-PIC.

https://www.cisco.com/c/en/us/td/docs/security/firesight/user-agent/24/config-guide/Firepower-User-Agent-Configuration-Guide-v2-4/Intro.html#56246