Oussama_Kadim1
Contributor

Identity awareness and AD logs

Hello,

I would like to implement ID Awareness on Check Point based on AD authentication.

The problem is that the customer does not want the AD to send the event logs to the Check Point.

Can you tell me whether it is possible to do ID Awareness with AD authentication without the firewall retrieving the AD event logs (for example, the client sends a Kerberos ticket directly to the Check Point)?

Regards.

---------------------------------------------------------------------------------------------------------------------------------------------------------

Hello,

I would like to implement ID Awareness on Check Point based on AD authentication.

The problem is that the client does not want the AD to send the event logs to the Check Point.

Could you please tell me if there is an option to do ID Awareness based on AD authentication on the Check Point without AD event logs?

Regards.

4 Replies
PhoneBoy
Admin

You have at least two other options:

Oussama_Kadim1
Contributor

Thank you for your answer.

0 Kudos
Carsten_Pfitzer
Explorer

Dameon Welch Abernathy

I am currently facing the same problem, and according to your link the Identity Collector does also need the security logs from the DCs:

Technical Description

The Identity Collector is using the Windows Event Log API for fetching the DC's security logs.
Windows Event Log is included in the operating system beginning with Windows Vista and Windows Server 2008 (client and server).

0 Kudos
PhoneBoy
Admin

Yes, you're right, I missed that.

The main difference between AD Query and Identity Collector is the API used to acquire the information.

The reason we need to read the security logs is to automatically associate IP addresses to usernames and machine names.

LDAP is used to get groups, which are also relevant for Access Roles.

Identity Agent can also get the information, but this requires installing agents on the local PCs.

There is also an agent for Terminal Servers.

And of course Captive Portal, as I mentioned earlier (but this is not necessarily automatic).

0 Kudos
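
The reply above says the security logs are read to associate IP addresses with usernames and machine names. The following is an added example, not Check Point's code and not from the thread, of how successful Kerberos logon records can be turned into such a table. The record layout, the 12-hour timeout and all sample values are constructed assumptions; 4768 is the Windows "Kerberos TGT requested" event and 4771 is "Kerberos pre-authentication failed".

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample records: fields a collector would take from Security
# events on a DC (4768 = Kerberos TGT requested, 4771 = pre-auth failed).
EVENTS = [
    {"id": 4768, "time": "2024-05-01T08:00:00", "account": "alice", "ip": "::ffff:10.0.0.15"},
    {"id": 4768, "time": "2024-05-01T08:00:05", "account": "WKS-015$", "ip": "::ffff:10.0.0.15"},
    {"id": 4768, "time": "2024-05-01T08:30:00", "account": "bob", "ip": "10.0.0.22"},
    {"id": 4768, "time": "2024-05-01T09:00:00", "account": "svc_backup", "ip": "::1"},
    {"id": 4768, "time": "2024-05-01T09:10:00", "account": "dave", "ip": "-"},
    {"id": 4768, "time": "2024-05-01T12:00:00", "account": "carol", "ip": "::ffff:10.0.0.15"},
    {"id": 4771, "time": "2024-05-01T12:30:00", "account": "erin", "ip": "::ffff:10.0.0.22"},
]

def normalize_ip(raw):
    """Return a plain address string, or None if the field is unusable."""
    try:
        addr = ipaddress.ip_address(raw)
    except ValueError:           # "-" or empty: the event carried no client address
        return None
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # DCs often log IPv4 clients as ::ffff:a.b.c.d
    return None if addr.is_loopback else str(addr)

def build_identity_map(events, now, ttl=timedelta(hours=12)):
    """Map IP -> {'user', 'machine'} from successful TGT requests newer than ttl."""
    table = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        ip = normalize_ip(ev["ip"])
        if ev["id"] != 4768 or ip is None:   # a failed logon proves no identity
            continue
        if now - datetime.fromisoformat(ev["time"]) > ttl:
            continue                         # association has timed out
        entry = table.setdefault(ip, {"user": None, "machine": None})
        if ev["account"].endswith("$"):      # trailing $ marks a computer account
            entry["machine"] = ev["account"][:-1]
        else:
            entry["user"] = ev["account"]    # the latest user on this IP wins
    return table

if __name__ == "__main__":
    for ip, ident in build_identity_map(EVENTS, datetime(2024, 5, 1, 13, 0)).items():
        print(ip, ident)
```

Without a source of logon events like this, the gateway has no passive way to learn which user is behind an IP, which is why the alternatives listed in the reply (agents on the PCs, Captive Portal) have the client authenticate itself instead.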
