
Sourcefire and ActiveDirectory

sidcurtis
Community Member

Yes, we use our SourceFire and FirePower management application for our web filter as well. We've synced SourceFire up with our ActiveDirectory (AD) server for LDAP integration on our domain. We allow users in certain AD user groups access to certain sites depending on their job role. We already have all of the user group policies in place in the firewall. My question is: when we add a user to a user group, save, and then deploy the policy, it takes a good while for that change to take effect for the end user, even after the deployment completes. We've added users towards the end of the day and it seems to take overnight for the user to finally have access to those sites the following morning. However, we can add entries to our policy to whitelist a domain on the back end that bypasses AD and deploy it, and it happens immediately after deploying. Does anyone know how long exactly this is supposed to take usually, or if there's a setting we can change to not have this take so long? Let me know if you need any more information.

Thank you in advance for your help!

1 Accepted Solution

Rahul Govindan
VIP Alumni

Firepower Manager downloads the user and group information from the AD every 24 hours by default. I think the default time to do this is midnight or 1 AM. This may be why this works the next day for you. You can change this setting on the FMC to a shorter period in the location:

System > Integration > Realms > Edit Realm > User Download

sidcurtis
Community Member

Thanks Rahul! I believe that was it. There's also a Download Now button to force a sync, which is great!

Have a great day.
