FTP - Creating AD Realm in cdFMC

carl.townshend
Level 1

Hi Guys

I am creating an AD Realm in cdFMC via CDO so I can authenticate VPN users using AD.

I have created the realm and added my AD servers in there, and selected the FW as the proxy, as the requests need to come from the firewall. It should use the routing table on the FW to route to the domain controllers.

However, when I click test, it fails.

I have done a packet capture on the inside interface where the firewall connects to the domain controllers and I see nothing coming from the Firewall at all.

Any ideas why it's not working, guys?

6 Replies

Could you please try to select "Choose an interface" and select the interested interface from the list and test again?

Hi

When I do that, nothing happens

Seems as the firewall is not fully configured yet? Maybe its data interfaces are not configured yet?

Hi, the box you mentioned will only be populated if you have created interface groups.

I have sort of found an issue: basically the packets are sourced from a 169.254.1.3 address, which I believe to be the internal management IP. I have created a NAT for this to NAT it to the IP of the inside interface.

It is still failing, so now I'm looking at the Realm parameters.

The IP 169.254.1.3 is an APIPA IP and that suggests the management interface is not even getting/configured with the right IP.

vishalbhandari
Spotlight

If you are not seeing any traffic from the firewall to the domain controllers when testing the AD Realm configuration in cdFMC via CDO, the issue could be related to configuration, routing, or the way the firewall is handling the traffic for AD authentication.
