Cisco Firepower Management Center 4000
FireSIGHT System User Guide, page 35-39
Chapter 35      Introduction to Network Discovery
  Obtaining User Data from LDAP Servers
A message appears, confirming that you want to apply the policy to all zones targeted by access control policies on the Defense Center.
Step 3      Click Yes to apply the policy.
Obtaining User Data from LDAP Servers
License: FireSIGHT
The FireSIGHT System can obtain both user identity and user activity information from your organization's LDAP servers.

User Agents allow you to monitor users when they authenticate against Active Directory credentials on Microsoft Active Directory servers. You can install an agent on any Microsoft Windows 7 or Microsoft Windows Server 2008 device with TCP/IP access to the Microsoft Active Directory servers you want to monitor. Each agent can monitor logins on up to five servers.

The agents send records of those logins to the Defense Center, which logs and reports them as user activity. This supplements any user activity detected directly by managed devices. More important, the logins reported by User Agents associate users with IP addresses, which in turn allows access control rules with user conditions to trigger.

You can configure a connection between the Defense Center and LDAP servers. This connection not only allows you to retrieve metadata for the users whose logins were detected by User Agents, but is also used to specify the users and groups you want to use in access control rules.
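The three paragraphs above describe a pipeline: Active Directory logon records arrive from agents, each record binds a user to a source IP address, group membership comes from the LDAP connection, and an access control rule with a user condition matches a flow by looking up its source IP in that binding table. The following stand-alone Python is an added illustration of that pipeline and is not FireSIGHT, User Agent or Cisco code. The logon records (shaped like the TargetUserName, TargetDomainName, IpAddress and LogonType fields of Windows Security event 4624), the group table, the set of logon types treated as interactive, and the eight-hour binding lifetime are all constructed assumptions for this example; the real product's rules for superseding and expiring bindings are not documented on this page.

```python
"""Toy user-to-IP identity map modelled on what a User Agent feeds the
Defense Center: AD logon records bind a user name to a source IP, and an
access control rule with a user/group condition matches on that IP.

Added example, not FireSIGHT or User Agent code. Event layout, group
table, interactive logon types and the binding TTL are constructed here.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set

# Constructed logon records in the shape of Windows Security event 4624
# fields. A real agent reads these from the domain controllers' Security logs.
SAMPLE_LOGONS: List[dict] = [
    {"time": "2014-03-01T09:00:00", "user": "alice", "domain": "CORP",
     "ip": "10.1.1.20", "logon_type": 2},
    {"time": "2014-03-01T09:05:00", "user": "bob", "domain": "CORP",
     "ip": "10.1.1.21", "logon_type": 2},
    # Network logon (type 3) by a service account against a share: not a
    # user sitting at 10.1.1.20, so it must not rebind that IP.
    {"time": "2014-03-01T09:06:00", "user": "svc-backup", "domain": "CORP",
     "ip": "10.1.1.20", "logon_type": 3},
    # alice also logs on from a second address; most recent logon per IP wins.
    {"time": "2014-03-01T10:00:00", "user": "alice", "domain": "CORP",
     "ip": "10.1.1.30", "logon_type": 2},
]

# Constructed stand-in for the group membership that the LDAP connection
# would retrieve from Active Directory.
GROUP_MEMBERS: Dict[str, Set[str]] = {
    "Engineering": {"CORP\\alice"},
    "Finance": {"CORP\\bob"},
}

# Assumption for this example: only these 4624 logon types indicate a person
# at the source address (interactive, unlock, RemoteInteractive, cached).
INTERACTIVE_LOGON_TYPES = {2, 7, 10, 11}
BINDING_TTL = timedelta(hours=8)  # assumed lifetime of a binding


@dataclass
class Binding:
    user: str        # DOMAIN\\user
    seen: datetime   # time of the logon that created the binding


class IdentityMap:
    """IP address -> most recent interactive logon, with expiry."""

    def __init__(self, ttl: timedelta = BINDING_TTL) -> None:
        self.ttl = ttl
        self.by_ip: Dict[str, Binding] = {}

    def ingest(self, event: dict) -> bool:
        """Record a logon. Returns True if the IP->user binding changed."""
        if event["logon_type"] not in INTERACTIVE_LOGON_TYPES:
            return False
        if event["ip"] in ("-", "127.0.0.1", "::1"):
            return False  # local logon, no usable source address
        user = f'{event["domain"]}\\{event["user"]}'
        when = datetime.fromisoformat(event["time"])
        current = self.by_ip.get(event["ip"])
        if current is not None and current.seen > when:
            return False  # out-of-order delivery: keep the newer binding
        self.by_ip[event["ip"]] = Binding(user, when)
        return True

    def user_for(self, ip: str, now_iso: str) -> Optional[str]:
        """User currently bound to ip, or None if unknown or expired."""
        binding = self.by_ip.get(ip)
        if binding is None:
            return None
        if datetime.fromisoformat(now_iso) - binding.seen > self.ttl:
            return None
        return binding.user


def rule_matches(imap: IdentityMap, src_ip: str, group: str, now_iso: str) -> bool:
    """Evaluate a rule whose user condition is 'member of group' for a flow."""
    user = imap.user_for(src_ip, now_iso)
    return user is not None and user in GROUP_MEMBERS.get(group, set())


def build_map(events: List[dict] = SAMPLE_LOGONS) -> IdentityMap:
    imap = IdentityMap()
    for event in events:
        imap.ingest(event)
    return imap


if __name__ == "__main__":
    m = build_map()
    for ip in ("10.1.1.20", "10.1.1.21", "10.1.1.30", "10.9.9.9"):
        print(ip, m.user_for(ip, "2014-03-01T10:30:00"))
    print("Finance rule on 10.1.1.21:",
          rule_matches(m, "10.1.1.21", "Finance", "2014-03-01T10:30:00"))
```

Two points the code makes that the prose only implies: a binding is only as trustworthy as the logon event behind it, so non-interactive logon types are filtered out before they can rebind an address to a service account, and a binding must age out, otherwise a user condition keeps matching traffic from an address long after the person has left it.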
Note      Legacy agents, which you install on your Microsoft Active Directory servers, also monitor users when they authenticate against Active Directory credentials. However, you should plan to transition to Version 2.0 of the User Agent as soon as possible in preparation for end of support for legacy agents in future releases.
For more information, see:
Creating LDAP Connections with the Defense Center
License: FireSIGHT
If you want to perform user control (that is, write access control rules with user conditions), you must configure a connection between the Defense Center and at least one of your organization's Microsoft Active Directory servers. This configuration, called an LDAP connection or a user awareness