Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

IPS Block Computers on a Certain Windows Domain

I have been trying to figure out if the IPS can find out if a computer is part of a certain Domain and if so block it.

I have setup where I want a PC from domain

Workgroup\PCNAME to be blocked or at least logged by the IPS. I currently use multple TCP, UDP, and uri functions but I have never tried to look up the domain of a PC. If anyone has tried this or if it is not even possible I would like to know. I know a NAC solution would work but we don't have that at this moment.

Thank you for any help.

CreatePlease to create content