We have a NGFW with a sensor running version 6.2 that presents with a problem, seemingly at random. The FW, is configured to authenticate AD users using the CISCO Agent, installed on a server which has links to both our primary and backup controllers. All is working on the agent side, it has the correct mapping, ip address, refreshes as expected, etc.
We've had instances where the user can NOT browse, the sensor shows an "unknown" user (although shows in the events as "allowed"), but the FW does not prompt for credentials to the client, nor refreshes or sees the mapping in question; internet explorer keeps spinning. However, by logging on as someone else, it starts working fine with that other users' credentials, without prompting; it just goes.
How can this be tracked? How to know what the problem is, or where it resides? .... Changing IP addresses does not solve it, resetting the password of the original user with the problem does not solve it... I'm confused as to where to look and what can be causing this.
As it turns out, I was looking in all the right places; I ended up contacting TAC and they discovered, after dropping a script that the defense center is not syncing with the sensor. This may be a bug.
We have the Endpoint purge to delete any thing over 365 days, but this wasn't working as standard since in was installedSo disabled and enabled again and this seem to fix it, as had just under 200k endpoints captured. But it removed all clients that ...
When we unregister FTD from FMC and re-register, all the static routes are lost on it. Sometimes device has database corruption, if re-image is the only solution then upon re-image, FTD comes up fresh and we need to configure everything from scra...
Hi,I have a very simple question; we have two ASA 5585-X working in Active/Standby Mode with multiuser Contexts.Normally Primary Unit is active for failover group 1 and 2; Secondary Unit is standby !At the moment our Secondary Unit is completely disconnec...
Meet the Authors Event - CCIE Security and Practical Applications in Today’s Network: Zero Trust
(Live event – Thursday, 29th, 2020 at 10:00 a.m. Pacific / 1:00 p.m. Eastern / 6:00 p.m. Paris)
This event will have place on Thursday 29th, October 2020 at 1...
My company uses Microsoft Azure AD, and I sign into all my applications using that account. Can I use that account when I sign in?
Yes - all applications that support SecureX sign-on allow direct login with your Microsoft Azure AD accou...