FireSIGHT System User Guide (Cisco Firepower Management Center 4000), page 48-18
Chapter 48: Managing Users
Managing Authentication Objects
Table 48-2 LDAP-Specific Parameters (continued)

Setting: Encryption
Description: Determines whether and how communications with the LDAP server are encrypted. You can choose no encryption, Transport Layer Security (TLS), or Secure Sockets Layer (SSL) encryption. Note that if you are using a certificate to authenticate the server when connecting via TLS or SSL, the name of the LDAP server in the certificate must match the name that you use to connect, so configure the server by the host name that appears in its certificate rather than by its IP address. If you change the encryption method after specifying the port, the port resets to the default value for the selected server type.
Example: If you enter 10.10.10.250 in the authentication profile and computer1.example.com in the certificate, the connection fails, even if computer1.example.com has an IP address of 10.10.10.250. Changing the name of the server in the authentication profile to computer1.example.com causes the connection to succeed.

Setting: SSL Certificate Upload Path
Description: Indicates the path on your local computer to the certificate to be used for encryption.
Example: c:/server.crt

Setting: User Name Template
Description: Indicates how user names entered on login should be formatted, by mapping the string conversion character (%s) to the value of the shell access attribute for the user. The user name template is the format for the distinguished name used for authentication. When a user enters a user name into the login page, the appliance substitutes the name for the string conversion character and uses the resulting distinguished name to search for the user credentials.
Example: To set a user name template for the Security organization of the Example company, enter %s@security.example.com.

Setting: Timeout
Description: Sets a timeout for the connection attempt to the primary server, after which the connection rolls over to the backup server. If the number of seconds indicated in this field (or the timeout on the LDAP server) elapses without a response from the primary authentication server, the appliance queries the backup server. However, if LDAP is running on the port of the primary LDAP server and for some reason refuses to service the request, the failover to the backup server does not occur: only the absence of a response triggers failover, not an error response.
Example: If the primary server has LDAP disabled, the appliance queries the backup server.
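The name check behind the Encryption row, as an added example that is not part of the FireSIGHT guide or product code: `name_matches_cert` applies the usual client-side rule (an IP address only satisfies an iPAddress entry in the certificate's subjectAltName, and a host name only satisfies a dNSName entry or, absent any SAN, the commonName) to a constructed certificate dictionary in the shape Python's `ssl.SSLSocket.getpeercert()` returns. The certificate contents, the `CERT_COMPUTER1` name and the `probe_ldaps` helper are assumptions of this example; `probe_ldaps` is a live check against a real LDAPS server (TLS from the start, as on port 636) and is not run here.

```python
"""Would the server name configured in the authentication profile be accepted
against the names in the LDAP server's certificate?  Added example, not
FireSIGHT code; the certificate below is constructed for the table's scenario."""
import ipaddress
import socket
import ssl


def cert_names(cert):
    """Return (dns_names, ip_addresses) from subjectAltName. The subject
    commonName is consulted only when the certificate has no SAN at all."""
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.append(value.lower())
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value))
    if not dns and not ips:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    dns.append(value.lower())
    return dns, ips


def dns_label_match(pattern, host):
    """Match one dNSName pattern, allowing a single leftmost wildcard label:
    *.example.com matches a.example.com but not a.b.example.com or example.com."""
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host


def name_matches_cert(configured_server, cert):
    """True if the configured server name satisfies the certificate.
    An IP literal never matches a dNSName, even one that resolves to it."""
    dns, ips = cert_names(cert)
    try:
        addr = ipaddress.ip_address(configured_server)
    except ValueError:
        host = configured_server.lower().rstrip(".")
        return any(dns_label_match(p, host) for p in dns)
    return addr in ips


def probe_ldaps(server, port=636, cafile=None, timeout=5.0):
    """Live check (not run in this example): connect with implicit TLS and let
    the ssl module verify the real certificate against `server`. A mismatch
    raises ssl.SSLCertVerificationError, which is the failure the table describes."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((server, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=server) as tls:
            return tls.getpeercert()


# Constructed certificate for the table's scenario: it names
# computer1.example.com and carries no IP address in its SAN.
CERT_COMPUTER1 = {
    "subject": ((("commonName", "computer1.example.com"),),),
    "subjectAltName": (("DNS", "computer1.example.com"),),
}

if __name__ == "__main__":
    for server in ("10.10.10.250", "computer1.example.com"):
        ok = name_matches_cert(server, CERT_COMPUTER1)
        print(f"{server}: {'connection succeeds' if ok else 'name mismatch'}")
```

If the server really must be addressed by IP, the certificate needs an iPAddress subjectAltName entry for that address; reissuing the certificate is the fix, not disabling verification.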
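The substitution described in the User Name Template row, as an added example that is not the appliance's own code: `expand_template` replaces the single `%s` with the name typed at login and returns the string used for the lookup. The DN-shaped template `uid=%s,ou=Security,dc=example,dc=com`, the `=` heuristic for telling a DN template from a UPN template such as the guide's `%s@security.example.com`, and the RFC 4514 escaping of the typed name are assumptions of this example; the guide does not state how the appliance itself treats special characters in the login name, so the escaping here is what a client building such a DN has to do.

```python
"""Expand a %s user name template into the name used to look up the user.
Added example, not FireSIGHT code. DN escaping follows RFC 4514 so that a typed
name such as 'jdoe,ou=Admins' cannot change the structure of the resulting DN."""

# Characters that are special inside a DN attribute value (RFC 4514 section 2.4).
DN_ESCAPE = {
    ",": r"\,", "+": r"\+", '"': r'\"', "\\": r"\\",
    "<": r"\<", ">": r"\>", ";": r"\;",
}


def escape_dn_value(value):
    """Escape one attribute value for use inside a distinguished name."""
    out = "".join(DN_ESCAPE.get(ch, ch) for ch in value)
    if out.startswith("#") or out.startswith(" "):
        out = "\\" + out                 # leading '#' and space are special
    if out.endswith(" "):
        out = out[:-1] + "\\ "           # so is a trailing space
    return out


def template_is_valid(template):
    """A template must contain exactly one %s: none means the typed name is
    never used, more than one makes the lookup name ambiguous."""
    return template.count("%s") == 1


def expand_template(template, login_name):
    """Return the lookup name for `login_name` under `template`.
    Assumption: a template containing '=' is DN-shaped and gets DN escaping;
    anything else (e.g. %s@security.example.com) is substituted verbatim."""
    if not template_is_valid(template):
        raise ValueError(f"template must contain exactly one %s: {template!r}")
    value = escape_dn_value(login_name) if "=" in template else login_name
    return template.replace("%s", value, 1)


if __name__ == "__main__":
    print(expand_template("%s@security.example.com", "jdoe"))
    print(expand_template("uid=%s,ou=Security,dc=example,dc=com", "jdoe,ou=Admins"))
```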
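The failover rule in the Timeout row, as an added example that models rather than reproduces the appliance: `authenticate` tries the backup only when the primary gives no answer within the timeout or has nothing listening, and stops (without failover) when the primary answers with a refusal. The `Server` model, its four behaviours, and the mapping of "LDAP disabled" to a connection refused at the TCP level are assumptions of this example; the exception types are the ones a real socket-based LDAP client would see in the same situations.

```python
"""Model of when the backup LDAP server is consulted. Added example, not
FireSIGHT code. No response within the timeout, or no listener at all, rolls
over to the backup; an LDAP-level refusal from a running primary does not."""
import socket
from dataclasses import dataclass


class LdapRefusal(Exception):
    """The primary answered, but declined to service the request."""


@dataclass
class Server:
    name: str
    # Assumed behaviours: "ok" answers; "silent" accepts the connection but never
    # replies; "down" has LDAP disabled (nothing listening); "refuse" replies
    # with an LDAP error such as unwillingToPerform.
    behaviour: str

    def query(self, timeout):
        if self.behaviour == "ok":
            return f"{self.name}: bind ok"
        if self.behaviour == "silent":
            raise socket.timeout(f"{self.name}: no response within {timeout}s")
        if self.behaviour == "down":
            raise ConnectionRefusedError(f"{self.name}: LDAP not running")
        raise LdapRefusal(f"{self.name}: unwillingToPerform")


def authenticate(primary, backup, timeout):
    """Return {'ok': bool, 'tried': [server names], 'detail': str}."""
    tried = [primary.name]
    try:
        return {"ok": True, "tried": tried, "detail": primary.query(timeout)}
    except (socket.timeout, ConnectionRefusedError) as no_answer:
        # Nothing came back from the primary: this is the only case that fails over.
        tried.append(backup.name)
        try:
            return {"ok": True, "tried": tried, "detail": backup.query(timeout)}
        except (socket.timeout, ConnectionRefusedError, LdapRefusal) as err:
            return {"ok": False, "tried": tried, "detail": f"{no_answer}; {err}"}
    except LdapRefusal as refused:
        # The primary is up and answered: the appliance does not query the backup.
        return {"ok": False, "tried": tried, "detail": str(refused)}


if __name__ == "__main__":
    backup = Server("backup", "ok")
    for behaviour in ("ok", "silent", "down", "refuse"):
        print(behaviour, authenticate(Server("primary", behaviour), backup, 30))
```

The practical consequence: a primary that is reachable but misconfigured (wrong bind DN, access denied, referrals the appliance will not follow) locks out every LDAP user even though a healthy backup exists, so monitor the primary's LDAP error rate and not only its reachability.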