View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

Home » Security » SEC0165 - ASA FirePower Network Discovery (User with AD User Agent) (Part 2)

SEC0165 - ASA FirePower Network Discovery (User with AD User Agent) (Part 2)

Rating: 
5
Average: 5 (5 votes)
Difficulty Level: 
0
Lab Document: 
<Please login to see the content>
Category: 
Security
The video demonstrates how you can leverage user identity information within Cisco ASA FirePower and FireSight System as part of User Network Discovery. We will utilize AD User Agent to obtain user-to-IP mapping, and integrate to Active Directory to obtain user and group information. This information can be used to tie user identity to network traffic as well as including them in Access Control rules for access enforcement
 
Part 2 of this videos goes through AD integration to obtain user and group information, and perform functionality testing
 
Topic:
  • Network Discovery with User
  • AD User Agent Install
  • LDAP/AD Integration
  • Discovery Policy
  • User-to-IP Mapping
  • User Profile
Tag: 
asa
firepower
sourcefire
ngfw
firesight
network discovery
user profile
ad user agent
ldap
active directory

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.
http://www.linkedin.com/in/methachiewanichakorn

9 comments

Submitted by Pacerfan9 on Wed, 08/26/2015 - 08:02

The labs you have provided are excellent! If a user logs into the network using a wired connection and switches to wireless is there a way to map their new ip address to username?

Submitted by admin on Wed, 08/26/2015 - 21:12

You don't really have control over that. It depends on whether Windows causes a login event to happen for the FP agent to detect. The chances are it will not as users remain logged into Windows during the wired to wireless roaming process.

Submitted by lpavon0312 on Mon, 01/18/2016 - 07:17

I think if you are using 802.1x authentication with that same AD server, it could see the wireless lan adapter authenticate when you connect to the wifi network, and thus it would immediately map the user to the new IP. You think that might work?

Submitted by admin on Mon, 01/18/2016 - 20:14

You are correct. It is possible now but only with FP 6.0 and pxGrid integration. User Agent alone would not be possible.

Submitted by Hamid on Thu, 10/15/2015 - 12:33

My question is regarding how Virtual Defense Center getting user activity when traffic has not passed firewall for example in your lab when user first login to the windows machine how system has User Activity in the log?

Submitted by admin on Thu, 10/15/2015 - 22:52

SourceFire user agent captured the user login activity on AD and report them to FireSight.. This is independent of the actual user traffic passing through FP.

Submitted by mtormente on Mon, 03/14/2016 - 10:17

Hello!
Are there any problem with the videos?
I can´t see anymore.

thanks

Submitted by admin on Mon, 03/14/2016 - 21:26

We had some technical issue. Should be back to normal now.

Submitted by Kashif Khan on Mon, 08/13/2018 - 01:22

Dear Sir,
Is there any possibility to to install multiple user agents pointing to common domain controller work as High Availability.