Hi,
We just deployed FAC for a client and the design is to integrate with Cisco ISE as s Syslog source to parse user details to the FAC.
All the interface services are enabled, and integration with Cisco ISE is successful, but no feed from it.
Who can help with this?
Thanks.
Mujeeb
I might be able to offer some input on this. When you say all of the interfaces are enabled and integration with Cisco ISE is successful, can you give some more detail? I know one of the built in canned matching rules already has all of the properties of Fields to Extract for Cisco under the Syslog Sources tab. Are you saying you have that all set and successfully ran a rest to confirm? Not sure what format Cisco is supposed to be set at for sending the syslog info to the FAC, so have you confirmed that is set correctly? My non Cisco appliance is set for JSON for example. Lastly, have you confirmed that your Cisco ISE is actually sending syslog information at all (meaning its a configuration issue on the Cisco ISE itself if not)?
Dear Mujeeb,
Can you please verify the following:
- Cisco ISE is actually sending the syslog messages
-> use this command in FortiAuthenticator CLI to see traffic
exe tcpdump -i any host <Cisco IP> and port 514
- FortiAuthenticator has syslog parsing enabled not just on interface
-> check under Fortinet SSO Methods > SSO > General that Syslog SSO is enabled as well
-> the default Cisco rule that Cajuntank mentioned is set up to parse logs that Cisco ISE generates for RADIUS Accounting messages
-> if your Cisco ISE does not actually participate in RADIUS Accounting, the log messages FortiAuthenticator is looking for might not be generated
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.