07-07-2015 03:41 AM - edited 03-12-2019 05:43 AM
Hi all,
What is the role of the Sourcefire User Agent on Active Directory (is it required)?
When we connect the Sourcefire Defense Center to AD, we need to create an LDAP connection. What exactly does LDAP do in this scenario?
Confusion between Defense Center vs FirePOWER vs FireSIGHT vs sensor vs ASA with FirePOWER services?
Thanks!
07-07-2015 08:36 AM
The Sourcefire User Agent collects IP-user associations from your AD server.
The LDAP connection allows you to use AD (or LDAP) group membership in your policies.
Defense Center (DC) = old name for FireSIGHT Management Center (FMC). The old DC name is still referenced in much documentation.
FirePOWER = general brand name for the Sourcefire technology as implemented in Cisco's product line.
A sensor generally refers to a dedicated appliance (or VM) running only the FirePOWER NGIPS/NGFW technology.
ASA with FirePOWER services refers to a software module (module type = "sfr") running in addition to the base ASA software on an ASA platform. (On the 5585-X this is a dedicated hardware module.)
07-08-2015 10:34 AM
Hi Marvin,
Thanks,
I am facing a major issue with the Sourcefire User Agent. We want to integrate AD with Sourcefire.
We added an LDAP connection in Sourcefire, and it was added successfully.
We tried to install the User Agent on AD, but it required the .NET Framework and SQL; we installed those and ran the User Agent.
Now the User Agent is installed, but when we try to connect to AD and fill in all the parameters (server IP, domain, user name, password), it continuously shows this error: there was a error connecting to server, please check user name password and permission (1).
We have done the DCOM, WMI and RPC settings in AD, but the problem still exists.
Exact error is: Authentication Error connecting to AD IP address
System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at System.Management.ThreadDispatch.Start()
at System.Management.ManagementScope.Initialize()
at Tools.Troubleshooter.testADServerConnection()
Unable to determine AD Server's OS. - 1
Can you help me with this?
Thanks
07-15-2015 11:26 AM
If you are installing it on a DC you need to reference the local DC as "localhost" in the Servername/Address field.
07-15-2015 10:11 PM
We have done that.
Actually, we are installing the User Agent on a machine.
07-16-2015 07:13 AM
I had zero luck using a remote host. It seems that there is a better success rate using the Domain Controllers themselves. However, if you are forced to use a remote host for some reason, try following the article below. You may have done DCOM and WMI, but you may also need a group policy so that your service account can manage auditing and security logs.
http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118637-configure-firesight-00.html
Beyond that, open up a case with TAC and hope for the best. The agent is complete garbage though.
It hasn't been updated since 2013 according to the Cisco website. This is what Cisco does. They stop development on acquisitions while they develop something better. Current customers get worked over while sales keeps the features on for brochure compliance.
07-16-2015 10:11 PM
We have done the group policy stuff.
I forgot to tell you that we are facing an issue with WMI:
Win32_Processor: WMI: Access denied
Win32_WMISetting: Successful
Security information: Successful
Win32_OperatingSystem: WMI: Access denied
This is the reason we are facing the issue with the Sourcefire User Agent.
07-17-2015 08:56 AM
At this point I would open up a case with TAC. I opened one two days ago with a similar issue and we were able to resolve it this morning.
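Added example, not part of any post in this thread and not Cisco's tooling: a Windows PowerShell check that repeats the per-class WMI queries reported above (Win32_Processor, Win32_WMISetting, Win32_OperatingSystem) from the remote host running the User Agent, using the agent's service account, so each permission change can be re-tested. The server name and the function name `Test-WmiClassAccess` are assumptions made for the example.

```powershell
# Added example. Run in Windows PowerShell on the remote host where the User Agent is installed.
# 'dc01.example.local' is a placeholder; supply your own AD server and the agent's service account.
param(
    [string]$Server = 'dc01.example.local',
    [System.Management.Automation.PSCredential]$Credential = (Get-Credential)
)

# The three WMI classes named in the test results posted in the thread.
$classes = 'Win32_Processor', 'Win32_WMISetting', 'Win32_OperatingSystem'

# Hypothetical helper: query one class remotely and map the outcome to a short status string.
function Test-WmiClassAccess {
    param(
        [string]$ComputerName,
        [string]$Class,
        [System.Management.Automation.PSCredential]$Credential
    )
    try {
        # -Credential is only valid for remote connections, which matches the remote-host setup.
        Get-WmiObject -Class $Class -Namespace 'root\cimv2' -ComputerName $ComputerName `
            -Credential $Credential -ErrorAction Stop | Out-Null
        'Successful'
    }
    catch [System.UnauthorizedAccessException] {
        # Same exception type as the 0x80070005 (E_ACCESSDENIED) error quoted in the thread.
        'WMI: Access denied'
    }
    catch {
        # Anything else (for example RPC or firewall failures) is reported with its message.
        "Failed: $($_.Exception.Message)"
    }
}

foreach ($class in $classes) {
    $status = Test-WmiClassAccess -ComputerName $Server -Class $class -Credential $Credential
    '{0}: {1}' -f $class, $status
}
```

A run in which every class reports "Successful" shows the account can read those classes remotely over DCOM/WMI; any "Access denied" line reproduces the failure outside the agent.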