03-22-2016 02:25 PM - edited 03-12-2019 05:56 AM
I configured an identity policy in FireSIGHT 6.0.1 to use active authentication. The certificate presented is for my FQDN (firesight.mydomain.com, for example). During active authentication the intercept comes from my firewall's IP address (192.168.1.254, for example), which creates a browser warning because of the mismatched address.
I am thinking that if the redirect could be forwarded to an FQDN and the firewall could present a matching certificate, that would eliminate this error. Is that or some other method possible? I will need a certificate that can be issued by a public CA so it can be trusted by all devices in our environment.
04-11-2016 07:40 AM
I have the issue also. We have a wildcard certificate on the ASA, but this does not get triggered because the FMC uses the IP address instead of the FQDN hostname.
The following bug report was created for this:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy03864
I hope that will help in tracking progress.
Or does anyone have another workaround?
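Why the redirect to the IP address produces the warning even with the FQDN or wildcard certificates described in the two posts above, shown as an added example (not part of the thread and not Cisco code): a simplified version of the name matching a browser performs, run over constructed SAN lists that reuse the example names from the first post. The function and variable names are assumptions made for this illustration.

```python
import ipaddress

def cert_matches(host, dns_names=(), ip_addresses=()):
    """Simplified RFC 6125-style check: is a certificate with these
    subjectAltName entries valid for the host part of the URL?"""
    try:
        target_ip = ipaddress.ip_address(host)
    except ValueError:
        target_ip = None
    if target_ip is not None:
        # An IP literal is compared only with iPAddress entries;
        # dNSName entries, wildcards included, are never consulted.
        return any(ipaddress.ip_address(a) == target_ip for a in ip_addresses)
    labels = host.lower().rstrip(".").split(".")
    for name in dns_names:
        pattern = name.lower().rstrip(".").split(".")
        if len(pattern) != len(labels):
            continue  # a wildcard stands for exactly one label
        if pattern[0] == "*":
            if pattern[1:] == labels[1:]:
                return True
        elif pattern == labels:
            return True
    return False

# Constructed certificates using the example names from the first post.
CERTS = {
    "fqdn": {"dns_names": ["firesight.mydomain.com"]},
    "wildcard": {"dns_names": ["*.mydomain.com"]},
}

def redirect_results(host):
    """Map each constructed certificate to whether it matches `host`."""
    return {label: cert_matches(host, **san) for label, san in CERTS.items()}

if __name__ == "__main__":
    # Host part of the redirect URL: the IP in use today, then the FQDN asked for.
    for host in ("192.168.1.254", "firesight.mydomain.com"):
        print(host, redirect_results(host))
```

Both certificates fail for the IP literal and pass once the redirect uses the FQDN. A publicly trusted CA will not issue a certificate for a private address such as 192.168.1.254, so an iPAddress entry is not an option with a public certificate.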
04-11-2016 10:26 AM
Thanks for the link to the bug report. I have a case open with TAC and the engineer could not come up with a workaround. Hopefully Cisco can fix the bug sooner rather than later.
04-11-2016 10:34 PM
I think it will be for another few months. The affected version listed in the report is 6.1.0, which has not even come out yet. So any update after that could have it fixed. We're now on 6.0.1.
No idea what the release cycle is for FMC.
04-15-2016 11:05 AM
Same here. I referenced this thread and the link above in my last email to the Cisco tech working on my case...
*sigh*
The 'half baked' upgrades are becoming more common. :(
09-05-2017 01:25 PM
10-04-2017 04:53 AM
We also have the same problem with 6.2.