User Monitoring with AD on Firepower

I have been attempting to set up user monitoring on our Cisco Firepower device so we can see usernames instead of IP addresses under monitoring. It works with the VPN connection but not for internal traffic. What could I be overlooking, or does this require additional features? It seems straightforward: I added an Identity rule (Active Auth with NTLM type) and placed a user available on an inside-to-outside rule, both facing the Windows AD server that allows connections to the VPN.

Thanks   

1 Accepted Solution

Accepted Solutions

@00u18jg7x27DHjRMh5d7 no, it doesn't matter where the certificates come from, as long as both ISE and FMC trust the certificates. Commonly you would use either the ISE CA to sign the pxGrid certificates or an internal CA (Windows) - example here

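The accepted answer comes down to one check: each side's pxGrid certificate must chain to a CA that the other side has in its trust store. The shell script below is an added example, not from this thread or from Cisco: it builds throwaway CAs and certificates with openssl (hypothetical names such as fmc.lab.example) and shows that the same client certificate verifies against a trust store that holds its issuing CA and is rejected against one that lacks it, which is the kind of error the thread describes.

```shell
#!/bin/sh
# Added example: reproduce the trust check behind pxGrid certificate errors
# with constructed, throwaway certificates (nothing here is a real ISE/FMC cert).
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Constructed "internal CA", standing in for a Windows CA or the ISE CA.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Lab Internal CA" \
  -keyout ca.key -out ca.crt 2>/dev/null
# A second, unrelated CA: certs it signs are unknown to a peer that only trusts ca.crt.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Other CA" \
  -keyout other.key -out other.crt 2>/dev/null

# Hypothetical pxGrid client identity for the FMC, one CSR signed by each CA.
openssl req -newkey rsa:2048 -nodes -subj "/CN=fmc.lab.example" \
  -keyout fmc.key -out fmc.csr 2>/dev/null
openssl x509 -req -in fmc.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
  -days 1 -out fmc.crt 2>/dev/null
openssl x509 -req -in fmc.csr -CA other.crt -CAkey other.key -CAcreateserial \
  -days 1 -out fmc-other.crt 2>/dev/null

# Trust store that holds both issuing CAs (the fix: import the peer's CA chain).
cat ca.crt other.crt > both-cas.pem

# verify_peer_cert TRUSTSTORE CERT: succeeds (exit 0) only if CERT chains to a CA in TRUSTSTORE,
# which is the same decision a pxGrid peer makes when the other side presents its certificate.
verify_peer_cert() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

Run it as-is; it exits non-zero on the first command that fails, so a clean exit means the trust checks behaved as expected.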

7 Replies

@00u18jg7x27DHjRMh5d7 sounds like you intend to do active authentication using a captive portal? Have you created a Realm and an identity policy, and referenced the identity policy in the Access Control Policy?

I have created the ID Realm; it is how VPN users confirm their ID when logging in. Maybe I am referencing it incorrectly, but in the ACL I selected the server under the Users tab, logging the beginning and end of the connection.

@00u18jg7x27DHjRMh5d7 here is the guide https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/control_users_with_captive_portal.html that has all the steps to configure.

 

Do you have ISE or ISE-PIC? That uses passive authentication, is more transparent, and would not require the user to actively authenticate.

 

I unfortunately do not have ISE for the time being. 

Rob,

So I am trying to set up ISE with our Firepower but am having problems joining the Firepower device. We keep encountering certificate errors. Does it matter if the cert comes from ISE or the FTD device? Also, is FMC required to join ISE?

I already have ISE joined to the AD; I am just trying to join the FTD now so we can test.

 

Thanks


That is what I thought, but I'm having an issue when joining FP to ISE; it keeps erroring / rejecting the cert for some reason. Will give it another attempt today.

Thanks
