10-30-2023 10:35 AM - edited 10-30-2023 10:37 AM
Hello,
We want to create subdomains in our FMC and add a specific FTD device to each subdomain.
I have created two subdomains in the FMC and added one FTD device to each subdomain.
It works when I create local users and assign them to a specific subdomain. Then the user can only edit the device that belongs to the same subdomain as the user.
However, when I log in as an external user, that user will always have access to the global domain. It doesn't matter if I edit the user and only assign the subdomain. As soon as the external user logs in, he has access to both the subdomain and the global domain.
Is there a way to map the external users to a specific subdomain, or is it only possible with local users?
Thanks
/Chess
11-07-2023 12:56 AM - edited 11-07-2023 12:57 AM
I found this in the FMC user guide:
"In a multidomain deployment, external authentication objects are only available in the domain in which they are created"
So it looks like it is supposed to be supported. However, even though I can create an LDAP or RADIUS authentication object under the subdomain, it's not possible to log in when I disable the global authentication object.
Thanks
/Chess
05-03-2024 07:35 AM
Hi, did you make it work? I have the exact requirement and cannot find a guide.
05-04-2024 06:14 AM
Hi,
No, unfortunately I had to give up the idea of using multiple domains and instead use a separate FMC.
There was a big issue with an IPSec tunnel that we needed to break before we could configure multiple domains, and we had an FTD on the other end of the VPN tunnel, managed by the FMC, and we couldn’t break that tunnel.
Multiple domains is a great idea, but it should probably be implemented before you start managing FTDs.
/Chess