topic Re: Identity Collector not fetching logins in Firewall and Security Management

Identity Collector not fetching logins

Netadmin2020 — Sat, 09 Jan 2021 08:22:00 GMT

Good morning!

I just finish with IDA Setup. The connections seems to be fine but I cannot see any logins. Is anything that I missing here?

Re: Identity Collector not fetching logins

PhoneBoy — Sat, 09 Jan 2021 18:07:42 GMT

What version/JHF of gateway?
Do you see any TCP connections between IDC and the gateway?

Re: Identity Collector not fetching logins

Netadmin2020 — Sat, 09 Jan 2021 18:40:14 GMT

I manage to set it all working.

two questions:

a) I add 38 Domain Controllers and I read that the limit is 35 domain controllers per connector ..

b) how exactly the priority of identity works ? I mean each site has a central Domain Controller if this failed , how exactly the polling choose which will be the one that will pull the identity of a user ?

thank you

Re: Identity Collector not fetching logins

Martin_Valenta — Sun, 10 Jan 2021 07:53:17 GMT

did you configure any rule with access role and installed that policy?

Also check logs for blade:Identity awareness

Re: Identity Collector not fetching logins

Netadmin2020 — Sun, 10 Jan 2021 09:48:45 GMT

As I said it is working now ! If it is possible someone to answer the above questions

Re: Identity Collector not fetching logins

PhoneBoy — Mon, 11 Jan 2021 03:48:56 GMT

You will need to deploy another IDC in this case.

Keep in mind that IDC is only acquiring the username, namely from the AD logs.
There is no "priority" for this part.
The gateway has to query AD for groups.
The priority in this case is ordered as you configure where "first to respond" wins.

Re: Identity Collector not fetching logins

Netadmin2020 — Mon, 11 Jan 2021 05:19:05 GMT

a) I have deploy 2 IDCs but they are exactly the same. Each pool that I have created included 38 DCs. (So can i divide it here 35 per DC?)

b) So mean that IDCs communicate with the AD pulls the information of each DC and sent it every 10 seconds to the gateways.?

Re: Identity Collector not fetching logins

PhoneBoy — Mon, 11 Jan 2021 06:14:27 GMT

Each IDC should talk to no more than 35 AD (Log) Servers.
What configuration you use to achieve that is up to you.
If IDC learns the same thing from multiple AD (Log) servers within a few minutes, it’s only going to send it to the gateway once.

Re: Identity Collector not fetching logins

Netadmin2020 — Mon, 11 Jan 2021 06:26:58 GMT

I have setup 2 IDC’s the second one is for redundancy. Each DC report for a different site. So each of one them is important. How can I do it ?

Re: Identity Collector not fetching logins

PhoneBoy — Mon, 11 Jan 2021 08:09:47 GMT

If you have two set up for redundancy right now with 38 AD servers, you will now need four.
The IDC instances should be set up close (network-wise) to the different AD servers.

Re: Identity Collector not fetching logins

Martin_Valenta — Mon, 11 Jan 2021 08:27:16 GMT

we have exactly same kind of setup 36 AD and two IDC servers, each gateway is connected to both IDC. IDC will always keep in record firstly arrived event, other events for same IP,username are ignored.

Re: Identity Collector not fetching logins

Netadmin2020 — Mon, 11 Jan 2021 09:33:21 GMT

Guys I have disabled the AD Query and now is only with the collectors.

The thing is I have cases that it does not identify a small number of users at all and a case that it has identify a user but the traffic is dropped.

Please help