FirePOWER: ‘No Authentication Required’ No Usernames

KB ID 0001460

Problem

When attempting to track users with FirePOWER, the FMC would not show any usernames.

No Authentication Required

Solution

There are a lot of reasons this might not work, so let’s take a look at a few of them.

Firstly, make sure the server running the ‘user agent’ is listed under System > Integration > Identity Sources > User Agent.

It probably goes without saying, but over on the server running the user agent, make sure it can see the Domain Controller(s) and the FMC (everything is green).

FirePOWER Agent Working

Make sure your DCs are set up to audit logon events! (I’ve had to do this in local policy directly on the DCs before).

Audit Logon Events

Ensure you have set up a ‘Realm’ for your Active Directory, and it’s enabled. (System > Integration > Realms).

FirePOWER Realm Setup

WARNING: In some versions of the FMC there’s a ‘Bug’ that requires you to use the NETBIOS name of your domain rather than its full domain name (as shown in the example on the right).

FirePOWER Realm Configuration

After you have made the change, ensure you can still download the users and groups. Don’t forget to ‘Save’ the changes, and redeploy the settings.

FirePOWER Realm User Download

Make sure you have an ‘Identity Policy‘, and that it’s set to discover users by ‘Passive Authentication‘, and it’s set to use the ‘Realm‘ you created. (Policies > Access Control > Identity).

FirePOWER Identity Policy

In your main ‘Access Control Policy‘ > In at least one of the rules, under ‘Users‘, ensure that your ‘Realm‘ is selected and added. (Policies > Access Control).

FirePOWER Access Policy Users

Also, under your ‘Network Discovery‘ policy, make sure ‘Users‘ has been added.

FirePOWER Users Network Discovery

Then take a look under Analysis > Users > User Activity. Make sure that logon events are getting logged, and mapped to IP addresses.

FirePOWER Track User Logons

Once all the boxes are ‘ticked’, users should start appearing.

FirePOWER User Activity
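
The ‘audit logon events’ step above can also be checked from the command line on each DC. This is an added example, not part of the original article or any Cisco tooling: it reports whether the ‘Logon’ audit subcategory records successes, then lists recent logon events (ID 4624) that carry both a username and a source IP. It assumes an elevated session on an English-language Windows DC (auditpol names are localised) and a 30 minute look-back chosen for illustration.

```powershell
# Added example: run in an elevated PowerShell session on each Domain Controller.

# 1. Is the 'Logon' audit subcategory recording successful logons?
#    /r gives CSV output; blank lines are dropped before parsing.
$audit   = auditpol /get /subcategory:"Logon" /r | Where-Object { $_ } | ConvertFrom-Csv
$setting = ($audit | Where-Object Subcategory -eq 'Logon').'Inclusion Setting'
if ($setting -notmatch 'Success') {
    Write-Warning "Logon auditing is '$setting' - no success events will be written to the Security log."
} else {
    Write-Host "Logon auditing: $setting"
}

# 2. Pull recent successful logons (event ID 4624) from the Security log.
$filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddMinutes(-30) }
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 500 -ErrorAction SilentlyContinue

$ignoredAddresses = @('-', '::1', '127.0.0.1')
$logons = foreach ($e in $events) {
    # Read the event fields by name rather than by position.
    $d = @{}
    ([xml]$e.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }

    # Keep only entries that can map a user to an IP: skip local/empty
    # source addresses and computer accounts (names ending in '$').
    if ($d.IpAddress -and ($d.IpAddress -notin $ignoredAddresses) -and
        ($d.TargetUserName -notlike '*$')) {
        [pscustomobject]@{
            Time      = $e.TimeCreated
            User      = "$($d.TargetDomainName)\$($d.TargetUserName)"
            IpAddress = $d.IpAddress
            LogonType = $d.LogonType
        }
    }
}

# 3. Report: no rows means there is nothing on this DC to map users to IPs.
if (-not $logons) {
    Write-Warning 'No user logon events with a source IP in the last 30 minutes.'
} else {
    $logons | Sort-Object Time -Descending | Select-Object -First 20 | Format-Table -AutoSize
}
```

If the first check warns, fix the audit policy before looking at the FMC; if it passes but no rows are listed, log a test user on to a workstation and run it again.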

Related Articles, References, Credits, or External Links

NA

Author: PeteLong
