Identity Awareness failsafe

Alex_Sykes — Thu, 05 Dec 2019 17:50:37 GMT

Hi,

We're deploying new gateways heavily reliant on IA and we've had a few IA problems, most of which are resolved now fortunately, however, we're looking at a failsafe should IA not work again.

Does anyone on here have any recommendations? Captive Portal is one option, but that will only work for HTTP/s applications (unless I'm mistaken). What happens if IA fails and users need to access applications using SSH or any other non HTTP/s protocol?

Thanks

Alex

Re: Identity Awareness failsafe

PhoneBoy — Fri, 06 Dec 2019 22:32:44 GMT

Captive Portal only works for HTTP(S) connections.
Presumably users could authenticate themselves using this mechanism prior to using SSH or other protocols.
Users could also theoretically authenticate to some other server using RADIUS then set up RADIUS Accounting so that information is imported via Identity Awareness.

topic Identity Awareness failsafe in Firewall and Security Management

Identity Awareness failsafe

Re: Identity Awareness failsafe