SEC0165 - ASA FirePower Network Discovery (User with AD User Agent) (Part 1)

The video demonstrates how you can leverage user identity information within Cisco ASA FirePower and FireSight System as part of User Network Discovery. We will use the AD User Agent to obtain user-to-IP mappings, and integrate with Active Directory to obtain user and group information. This information can be used to tie user identity to network traffic, and to include users and groups in Access Control rules for access enforcement.
 
Part 1 of this video goes through the AD User Agent installation to get user-to-IP mapping.
 
Topic:
  • Network Discovery with User
  • AD User Agent Install
  • LDAP/AD Integration
  • Discovery Policy
  • User-to-IP Mapping
  • User Profile

About Author

Metha Cheiwanichakorn, CCIE#23585 (RS, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new Cisco technologies.

5 comments

Hi Metha,
I have a question about User Agent configuration: which permissions/rights need to be configured on Active Directory to successfully add the Active Directory server to the User Agent?
If we install the User Agent on the Active Directory server or on any other host.

Thanks!

Thanks...

Hello Metha,

Can a laptop with two different user domains, one with Admin and the other with Guest, have different policy rules? The laptop IP address remains the same.
So when the admin logs in, he gets to access certain websites, and if the user logs in, he is denied and allowed certain websites.
The user groups are created on AD.

As long as they are both domain users with different AD user group membership, absolutely. Each time a user logs in, the Firepower User Agent detects it and maps the user to the device IP. Once the traffic hits FP, it can look up the user's AD group and apply the appropriate rules.