Cisco Cisco Firepower Management Center 2000
FireSIGHT User Agent Configuration Guide
Chapter 2 Setting up a User Agent
Configuring Permissions to Connect to an Active Directory Server
authentication object, contains connection settings and authentication filter settings for the server. The
connection’s user and group access control parameters specify the users and groups you can use in access
control rules.
Note
If you want to perform user control, you must use Microsoft Active Directory. The system uses User
Agents running on Active Directory servers to associate users with IP addresses, which is what allows
access control rules to trigger.
For more information on setting up an LDAP connection with user awareness configuration, see the
FireSIGHT System User Guide.
Configuring Permissions to Connect to an Active Directory Server
After you prepare the computer with all agent prerequisites, verify that the Active Directory security logs
are enabled so the Active Directory server can record login data to these logs. Then, configure user
permissions and Windows security permissions to allow the agent to communicate with the Active
Directory server, access the security logs to retrieve login data, and optionally, retrieve logoff data.
To verify the Active Directory server is logging login data:
Step 1 On the Active Directory server, select Start > All Programs > Administrative Tools > Event Viewer.
Step 2 Select Windows Logs > Security.
If logging is enabled, the Security log displays. If logging is disabled, see
for information on enabling
security logging.
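A scripted equivalent of the Event Viewer check above, as an added example that is not part of the Cisco guide. It assumes an elevated PowerShell session on a Windows Server 2008 or later Active Directory server, where a successful logon is recorded as Security event ID 4624; the 24-hour window and the 1000-event cap are arbitrary choices, and the script makes no claim about which events the agent itself reads.

```powershell
# Added example: check that the Security log exists, is enabled, and is
# actually receiving logon events. Run elevated on the Active Directory server.
# Assumption: Windows Server 2008 or later (logon success = event ID 4624).
# Windows Server 2003 uses different event IDs and is not covered here.

$lookbackHours = 24                      # constructed value; adjust as needed
$since = (Get-Date).AddHours(-$lookbackHours)

# 1. Log configuration: a small log that overwrites itself can lose
#    logon records before anything has a chance to read them.
$log = Get-WinEvent -ListLog Security
"Security log enabled : {0}" -f $log.IsEnabled
"Records in log       : {0}" -f $log.RecordCount
"Retention mode       : {0}" -f $log.LogMode
"Maximum size (MB)    : {0:N0}" -f ($log.MaximumSizeInBytes / 1MB)

# 2. Audit policy for logon events. The subcategory name is localized;
#    "Logon" is the English name.
auditpol.exe /get /subcategory:"Logon"

# 3. Recent logon events. Get-WinEvent returns the newest event first and
#    raises a non-terminating error when nothing matches, so suppress that
#    error and treat an empty result as "not logging".
$filter = @{ LogName = 'Security'; Id = 4624; StartTime = $since }
$logons = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 1000 -ErrorAction SilentlyContinue)

if ($logons.Count -eq 0) {
    Write-Warning "No logon events (ID 4624) in the last $lookbackHours hours. Check that security logging is enabled."
} else {
    "Logon events found   : {0} (capped at 1000)" -f $logons.Count
    "Most recent          : {0}" -f $logons[0].TimeCreated
    "Oldest in sample     : {0}" -f $logons[-1].TimeCreated
}
```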
To allow the agent to communicate with the Active Directory server:
Step 1 Enable the Remote Administration firewall rule on the Active Directory server. You have the following options:
• If the Active Directory server is running Windows Server 2003, see for more information.
• If the Active Directory server is running Windows Server 2008 or Windows Server 2012, see for more information.
To grant the agent permission to retrieve login data:
Step 1 Create a user on the computer where you installed the agent.