new user on Cisco Firepower 1120 unable to https

Team,
We have a new Cisco Firepower 1120 just configured with basic configuration.

After the admin user I added another user with the "configure user add" command.
This new user can SSH to the device but cannot SSL.

Further, I want to ensure that this new user has all admin rights and for the same I have provided the "config" rights.
Will that suffice?

 

Regards,

N!


Can you access http using the admin user?

MHM

Hi, yes https works using "admin" user

Thanks,

N

The new user uses the same subnet as admin, and admin can access http

Then this is a limitation of FPR.

To be more sure

Debug http 255

And try to access

MHM

@network_geek1979 that's because the configure user add command creates a user account with CLI access only, they cannot log into the device manager web interface.

"You can create local user accounts that can log into the CLI using the configure user add command. However, these users can log into the CLI only. They cannot log into the device manager web interface." reference - https://www.cisco.com/c/en/us/td/docs/security/firepower/740/fdm/fptd-fdm-config-guide-740/fptd-fdm-get-started.html

 

Hi Rob, where can I configure that? I see I can go to Objects and then create a new user.
However, it does not allow me to provide "MGMT" as the service types.

@network_geek1979 actually you cannot create additional local admin user accounts, you'd have to use an external AAA.

https://www.cisco.com/c/en/us/td/docs/security/firepower/720/fdm/fptd-fdm-config-guide-720/fptd-fdm-mgmt.html#id_73790

Managing Device Manager and Threat Defense User Access

"You can configure an external authentication and authorization source for users to log into threat defense (HTTPS access). You can use an external server in addition to, or instead of, the local user database and the system-defined admin user. Note that you cannot create additional local user accounts for device manager access."

@Rob Ingram is right, if you are managing this FTD via FDM then creating multiple admin users for GUI access is not supported. In that case you would need to rely on an external authentication server such as ISE or Microsoft NPS for example. Here is a post of mine I had created to show you how to do it:

Creating Multiple Admin Accounts for FDM GUI Accesses (bluenetsec.com)
