topic R81 Identity Collector and different user subnets in Firewall and Security Management

R81 Identity Collector and different user subnets

josaic — Wed, 01 Sep 2021 00:38:30 GMT

My first post here in Checkmates and also a newbie when it comes to Checkpoint.

Below is my Checkpoint LAB running on EVEng.

GW1 & GW2 on R81; SMS on R81

MS Active Directory 2016 + Identity Collector installed on it

Identity Awareness enabled + Browser-Based Authentication (Captive Portal) + Identity Collector

Captive Portal is working properly, able to redirect traffic and able to login using AD based credentials and can browse internet once logged-in

Able to identify DomainUser1 in 10.10.20.x/24 network and has PDP information thus able to browse internet without being redirected to captive portal.

Issue:

No PDP information for DomainUser2 if in 10.10.40.x /24 network thus redirected to Captive Portal.

I wanted to have10.10.40.x/24 network being identified by PDP as well.

Re: R81 Identity Collector and different user subnets

PhoneBoy — Mon, 30 Aug 2021 05:03:24 GMT

Where is the AD server in this diagram?
I'm assuming machines in the 10.10.40/24 network are authenticating to the same AD server that is running Identity Collector?

Re: R81 Identity Collector and different user subnets

josaic — Tue, 31 Aug 2021 14:14:09 GMT

Hi. Active Directory and Identity Collector is the same machine. In the diagram you can see the Identity Collector/AD there.

Re: R81 Identity Collector and different user subnets

PhoneBoy — Wed, 01 Sep 2021 00:38:04 GMT

Ok, that wasn't clear in the diagram, and I missed that detail in your text.
@Royi_Priov any ideas?