Firesight Management Center- Active Directory? / Physical Server

Hello,

 

I was wondering if the Firesight Management Center can be integrated into Microsoft Active Directory? We would like to manage accounts through Active Directory to permit users to log in with certain levels of privileges (Read only/Full access/etc.). Is this supported and easy to set up? Is there an application note or example on how to set it up?

 

Additionally, if we wanted to install the Firesight VM onto a physical server (VMSphere), is there a recommended hardware platform to monitor up to 10 ASAs?

 

Thanks

 

Brett

Cisco Employee

Re: Firesight Management Center- Active Directory? / Physical Server

Hi Brett,

 

Yes, this can be achieved on the FMC.

The sample configuration example is available at:

https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118738-configure-firesight-00.html

 

FMC as such will not be able to monitor ASA, but it monitors the firepower module running on the ASA. You can manage 10 devices on the vFMC without any issues. Logging capacity is restricted on the number of events that can be stored on vFMC though.

Hall of Fame Guru

Re: Firesight Management Center- Active Directory? / Physical Server

Sure - that's quite a common use case. Your external authentication can be via LDAP (AD) or RADIUS (e.g. Cisco ISE or ACS, optionally with AD or other external identity store as the backend to those systems).

 

The Firepower Management Center Configuration Guide includes the necessary instructions. Here's a link to the relevant section for the current release (6.2.3):

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/user_accounts_for_management_access.html#id_63531