Forum Discussion

Chatan_Mistry_1
Jan 10, 2007

FirePass 4100 with multiple AD authorisation

Hi!

I am stuck! I currently have a clustered FirePass environment using v5.5. We use RSA authentication, with AD authorisation against a single domain - we use the AD groups to identify what resources the user has access to.

However, we want to expand the solution to cover multiple AD domains (in multiple forests). I know that v6 supports fallback master groups, but I don't think this will work, as the time required to cycle through the fallback groups would result in the RSA passcode timing out.

Does anyone have any suggestions on how to approach this? (please?!)

Chatan
  • I'm in the same boat. I have a failover FirePass environment using v5.5 but about to upgrade to 6.0. Our environment has multiple AD domains and we have a requirement to use dynamic mapping of resource groups that cover those multiple AD domains. Is there any way to dynamically map resource groups to multiple AD domains? If not, is FirePass coming out with a version that supports this in the future?
  • I think you are correct that this is not a supported configuration today. You should contact Support and open a CR (Change Request). The more people that call in and have a ticket tied to the CR the more likely it is to get implemented. You can also engage your local sales team to help drive the CR.

    HTH

    Fuzz
  • Just another thought: if you only have two AD domains you could possibly create a second Master group with NTLM instead of AD and then use that for the dynamic resource group mapping. If you have more than 2 domains you will need to open the CR.

    HTH

    Fuzz
  • You are correct. Currently AD forests are not supported but we are working to add this in the next feature (6.02) release.
  • Dear all,

    I am facing some issues with multiple domain authentication with dynamic group mapping and dynamic resource mapping. With the forest mode enabled in version 6.0.2, my users will be required to login using UPN mode.

    And I need to point a certain group of users to authenticate using RSA 2-factor authentication.

    However, the authentication with UPN login is not recognized by RSA, as it forwards the full UPN string (username@domain.com) to RSA. As RSA does not remove the realm info, it is unable to authenticate the user, thus returning a failed authentication.

    Can I check whether there is any workaround for such a setup?

    Thanks,

    Melvin