Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2782
Views
0
Helpful
3
Replies

ISE, FMC and AD

Yasser A. Sayed
Level 1
Level 1

‎09-18-2021 10:05 AM

Hello everyone

In our network we have the ISE , FMC and AD working in our network where all workstation have anyconnect installed for authentication and posture checking

we are planning for the FMC for user awareness so we are able to make rules / monitor traffic based on the domain user identity ( not for FMC administration) .

can this be done by integration between FMC and ISE and use anyconnect for user/ip info or by integration between FMC and AD directly ??

Or are there any any other method...

hoping for a guidance for the best approach (benefits) to do this

 

best regards

Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎09-18-2021 12:12 PM

FMC is a Management tool to Manage Firepower or FTD devices ? 

 

May be you Looking to Monitor traffic using Firepower in Monitor Mode ? is this what you looking ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Yasser A. Sayed
Level 1
Level 1
In response to balaji.bandi

‎09-18-2021 12:27 PM

Yes...I know that fmc manages FTD
We have some FTDs which are managed by the FMC consolidating all the rules management for all FTDs

I am just planning on using FMC to manage FTDs to have rules based on user identity using ISE and pxgrid

The thing is do to use passive identity to integrate ISE with AD....or i dont have to do that since all WS have anyconnect installed


0 Helpful

Ken Stieers
VIP
VIP

‎09-18-2021 01:01 PM

This is pretty much the use case for PxGrid.
ISE gathers login/auth info from AD, plus its own, and feeds it to the various clients that need it.
If you're using 802.1x with ISE, you don't necessarily have to point ISE at AD to gather logs to extract passive ID.
You can push auth info to PXGrid clients using ISE's active auth.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents