12-20-2021 09:01 PM
This bug is also present in FTD 6.6.5.1 and 7.0.1 as of December 2021.
But 6.7.0 to 6.7.0.2 don't have this bug.
So on FTD, if you use RADIUS to map group policy, stay on 6.6.4 or go to 6.7.0.2.
Had this problem on FTD after upgrading 6.6.4 to 6.6.5.1 (Ticket # 692751355) and tested 7.0.1 with an FTD virtual machine.
Up to now 6.7.0.2 is OK and maps the group policy correctly!
01-04-2022 06:48 AM
I was told to upgrade to 6.7; this is not an option since we still have two ASAs with FirePower. Cisco needs to release a patch for the problem they broke.
01-05-2022 12:00 AM
Group mapping worked for me on version 6.6.5 but stopped working when applying patch 6.6.5.1.
04-05-2022 08:03 AM
Looks like 6.6.5.2 corrects the issue and has been available since March 24, 2022, but I can't confirm if any 7.x version has a patch for this bug (CSCwa08262).
05-23-2022 12:03 PM
This bug was fixed in ASA 9.16.2.10, and it appears that FTD 7.0.2 is needed, because it's bundled with a higher version:
https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/compatibility/threat-defense-compatibility.html#id_67425
This doc confirms:
HTH
05-23-2022 09:09 AM
I'm having eerily similar issues with my FTD 1140 running 7.0.1.1 code. The bug says that the output of the "show vpnsession-db anyconnect" command will show the correct mapped Group Policy; however, in my situation it shows the Default Group Policy. My problem is also intermittent. We had the issue about 2 weeks ago, where users were being placed into the Default Group Policy even though we confirmed the RADIUS server was sending the correct Class attribute value. Then all of a sudden it resolved itself, only to come back today, which is when I found this bug. I just don't know if this is the bug I am experiencing because the symptom output doesn't match 100%. I opened a TAC case to confirm.