Cisco Terminal Services (TS) Agent
Cisco Firepower Terminal Services (TS) is a comprehensive line of network security and traffic management products that can be installed either as software or on specialized hardware. The system is designed to help you manage network traffic in a way that complies with your organization’s security policy.
Various traffic-sensing managed devices that are installed on network segments typically monitor traffic for analysis and report to a manager:
- Firepower Management Center
- Firepower Device Manager
- Adaptive Security Device Manager (ASDM)
Managers provide a central management console with a graphical user interface that you use to carry out administrative, management, analytical, and reporting tasks.
The TS Agent, a licensed solution, is one of the reliable identity sources that the Firepower System supports, and it uses passive authentication. A Windows Terminal Server performs the authentication, and the TS Agent reports it to a stand-alone or high availability Firepower Management Center. When installed on Windows Terminal Servers, the TS Agent gives each user a special port range as they enter or exit a monitored network. The Firepower Management Center uses the special port to recognize specific Firepower System users. One TS Agent can track user activity on a single Windows Terminal Server and transmit securely encoded data to a Firepower Management Center. The TS Agent doesn’t record unsuccessful login attempts. The data obtained from the TS Agent can be used for user awareness and user control.
TS Agent Policies
Configuring the TS Agent requires the following:
- A Windows Terminal Server with the TS Agent installed and set up.
- One or more identity realms that target the users your server is monitoring.
The TS Agent is installed on a Microsoft Windows Terminal Server. The Cisco Terminal Services (TS) Agent Guide contains comprehensive information on the server and Firepower System requirements, as well as on the multi-step TS Agent installation and configuration process. TS Agent data is visible in the Users, User Activity, and Connection Event tables and can be used for user awareness and user control.
Set up user control on the TS Agent
Install and configure the TS Agent software as described in the Cisco Terminal Services (TS) Agent Guide in order to use the TS Agent as an identity source for user awareness and user control.
Next steps are:
- Use an identity policy to specify users to control and other options.
- Link the identity rule to an access control policy that filters and, optionally, inspects traffic.
- Implement your identity and access control policies on managed devices.
- Monitor user activity.
Troubleshoot the TS Agent Identity Source
Check the following if you’re having problems with the integration between the TS Agent and Firepower System.
- You must synchronize your TS Agent server’s time with the time on the Firepower Management Center.
- If the TS Agent is monitoring the same users as another passive authentication identity source (the User Agent or ISE), the Firepower Management Center prioritizes the TS Agent data. When the TS Agent and a passive identity source report activity using the same IP address, only the TS Agent data is logged to the Firepower Management Center.
- In events, active FTP sessions are shown as the Unknown user. This is expected, since in active FTP the connection is opened by the server (not the client) and the FTP server is not supposed to have a username assigned to it.
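A simplified model of the port-range attribution and the troubleshooting items above, added here as an illustration; it is not Cisco's code or the Firepower Management Center's actual logic. The session records, port ranges, addresses, user names and the `resolve_user` and `attribute` helpers are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Session:
    user: str
    server_ip: str            # terminal server shared by all users
    port_lo: int              # first source port assigned to the user
    port_hi: int              # last source port assigned to the user
    login: float              # true login time, epoch seconds
    logout: Optional[float]   # None while the session is still open

# Constructed sample data: three users behind one terminal server address.
# carol is assigned the range alice held, after alice has logged out.
SESSIONS = [
    Session("alice", "10.0.0.5", 5000, 5199, 1000, 2000),
    Session("bob",   "10.0.0.5", 5200, 5399, 1500, None),
    Session("carol", "10.0.0.5", 5000, 5199, 2100, None),
]

# Constructed connection events: (source IP, source port, time on the manager's clock).
EVENTS = [
    ("10.0.0.5", 5050, 1030),    # inside alice's range and session
    ("10.0.0.5", 5250, 1600),    # inside bob's range and session
    ("10.0.0.5", 5050, 2110),    # same range as alice, but carol's session
    ("192.0.2.10", 20, 1600),    # active FTP data connection opened by the FTP server
]

def resolve_user(sessions, src_ip, src_port, event_time, agent_clock_skew=0.0):
    """Map a connection to a user by source IP, port range and session window.

    agent_clock_skew is how many seconds the terminal server's clock runs ahead
    of the manager's clock; the agent's reported times shift by that amount.
    """
    for s in sessions:
        if s.server_ip != src_ip or not (s.port_lo <= src_port <= s.port_hi):
            continue
        start = s.login + agent_clock_skew
        end = float("inf") if s.logout is None else s.logout + agent_clock_skew
        if start <= event_time < end:
            return s.user
    return "Unknown"  # no user range covers this connection

def attribute(events, sessions, agent_clock_skew=0.0):
    """Resolve every event; returns the list of user names in event order."""
    return [resolve_user(sessions, ip, port, t, agent_clock_skew) for ip, port, t in events]

if __name__ == "__main__":
    print("clocks in sync:", attribute(EVENTS, SESSIONS))
    print("agent 120 s ahead:", attribute(EVENTS, SESSIONS, agent_clock_skew=120))
```

With the clocks in sync every terminal-server connection resolves to its user and only the server-initiated FTP connection is Unknown; with the agent's clock two minutes ahead, in-session connections fall outside the reported windows and carol's connection is attributed to alice.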
Cisco Firepower Management Center or Cisco FMC
The licensed Cisco Firepower Management Center (Cisco FMC) is used to manage various Cisco security products. This solution provides complete and integrated management of firewalls, intrusion prevention, URL filtering, application control and advanced protection against malware. Also, this licensed solution is a centralized point for incident and policy management in Cisco Firepower Next-Generation Firewall solutions, Cisco ASA with FirePOWER services, Cisco FirePOWER Threat Defense for ISR, Cisco Advanced Malware Protection and Cisco Firepower next-generation IPS.
Cisco Firepower Management Center (Cisco FMC) can be implemented as a virtual, physical or cloud appliance (Table 1). You can choose the option that works best with your environment. With a virtual appliance, you can easily use your existing VM infrastructure. Cloud computing services can be used to host the Management Center. These services help users manage database security without the need to invest in computing power and storage, and provide the necessary flexibility for scaling.
When installing Threat Intelligence Director on NGFW, it is recommended to use 15 GB of memory on the host hardware for optimal performance.
Specifications of Firepower Management Center solution models
There are several different models of Firepower Management Center solutions. Choose a model that suits your organization based on the number of sensor devices to be monitored (both physical and virtual), the number of hosts in the environment, and the estimated rate of security incidents. All models provide the same management capabilities, including:
- Monitoring network behavior and performance
- Centralized device, license, event and policy management
- Customizable dashboard with template-based and custom reports
- Correlation and remediation features to respond to real-time threats
- Comprehensive reporting and alerts for both general and focused information
- Powerful High-Availability capabilities to ensure there are no single points of failure
- Event information and text and content displayed in tables with hyperlinks, graphs and charts
- Role-based management (segmented and isolated views and tasks based on admin group or role)
- Open APIs for integration with third-party solutions and customer workflows, such as firewalls, network infrastructure, log management, SIEM, trouble ticketing and patch management