Every since I upgraded FMC from 6.2.2 to 6.4, VPN users show as unknow user. I have a case open with TAC with no resolution yet. Any thoughts? I think it's occurring with multiple clients for I just tested another one. Also, any recommendation for a migration path from user agent to ISE-PIC? I don't have much experience with ISE and not sure if this is the best migration. Also is there a cost for ISE-PIC license? Any confirmed versions release which the user agent till not be support anymore?
Do you have an Identity Policy setup and applied to the FTD? I am running 6.5 on the FMC and 188.8.131.52 on the FTD, in my user activity sessions the VPN users are correctly identified.
I've no experience of ISE-PIC, but I do with ISE - it's the same principle. Use this guide as a reference to setup ISE and FMC integration. I think the ISE-PIC license is meant to be very cheap, approx a couple of thousand $.
I don't believe the agent is EOL yet, I think ISE/ISE-PIC is the desired solution going forward. I would plan to move to ISE-PIC sooner rather than later.
Yes, User Agent support will be discontinued.
I believe that will be as of FMC 6.6.
ISE or ISE-PIC is the recommended replacement. For existing customers I believe Cisco will be offering ISE-PIC for very low price (possibly no cost).
There's not really a "migration" path as ISE-PIC is a completely separate and distinct product. It's not terribly complex to setup though.
Thank you, I often see pxGrid. Is pxGrid a separate product which can integrate with ISE-PIC and ISE? pxGrid appears to be a product for sharing data, but shouldn't be required for just Firepower passive identity purposes, correct?
Pxgrid is a service that can be enable on ise-pic itself or on ISE PSN nodes. The px-grid is a feature use to share contextual information with third party and Cisco applications like FMC, stealthwatch.
When ise-px grid use with Cisco consumer like FMC or stealthwatch, it requires ISE base license only but if use PX-grid with third party then AC Plus licenses will be required.