Firesight Management Center- Active Directory? / Physical Server

Brett Martin · ‎09-05-2018

Hello,

I was wondering if the Firesight Management Center can be integrated into Microsoft Active Directory? We would like to manage accounts through Active Directory to permit users to logging with certain levels of privileges (Read only/Full access/ etc.). Is this supported and easy to setup? Is there an application not or example on how to setup?

Additionally, if we wanted to install the Firesight VM onto a physical server (VMSphere), is there a recommended hardware platform to monitor up to 10 ASA's?

Thanks

Brett

Raghunath Kulkarni · ‎09-05-2018

Hi Brett,

Yes, this can be achieved on the FMC.

The sample configuration example is available at:

https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118738-configure-firesight-00.html

FMC as such will not be able to monitor ASA, but it monitors the firepower module running on the ASA. You can manage 10 devices on the vFMC without any issues. Logging capacity is restricted on the number of events that can be stored on vFMC though.

Marvin Rhoads · ‎09-05-2018

Sure - that's quite a common use case. Your external authentication can be via LDAP (AD) or RADIUS (e.g. Cisco ISE or ACS, optionally with AD or other external identity store as the backend to those systems).

The Firepower Management Center Configuration Guide includes the necessary instructions. Here's a link to the relevant section for the current release (6.2.3):

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/user_accounts_for_management_access.html#id_63531