11-27-2018 02:38 AM - edited 03-12-2019 07:07 AM
Hi All,
We are using Configure Cisco Firepower User Agent for Active Directory installed on a domain controller; both sections are green, which seems to indicate it should pass the details back to the Firepower.
I have some rules on the Firepower and I have added some users to the rules (it finds the users), but as soon as I do this they can't access the specified content. The rule works if I remove the users.
When looking in the logs, there is no reference to the username at all.
As the initial client request contains only the IP, I believe that the Firepower should then look up that IP and match the username via the agent on the domain controller. Is there any way I can test this?
Thanks
11-27-2018 02:48 AM
11-27-2018 03:06 AM
Hi
Thanks for the reply, essentially that is what I have done. I have the correct IP in the logs, but no usernames appear in the logs. It just shows as BLOCK in logs but no username details. As soon as I remove the username from the rule, it works.
Thanks
11-27-2018 03:08 AM
11-27-2018 03:10 AM
Hi,
Thanks, but "Initiator User" shows as "Unknown"
Thanks
11-27-2018 03:11 AM - edited 11-27-2018 03:12 AM
Which version are you running, and can you share a screenshot?
11-27-2018 03:25 AM
11-27-2018 03:37 AM
Hi
I already checked in Analysis > Users > User Activity and this does not show my test users activity.
Attached image from logs.
Thanks
11-27-2018 03:41 AM
11-27-2018 04:04 AM
Thanks for that link, Abheesh Kumar. I will need to spend some time today and tomorrow looking at that. I have found a few other similar posts, so will take a look and see what is found. In the meantime, if anyone has any other suggestions please let me know.