topic Identity Awareness - AD User Session in Firewall and Security Management

Identity Awareness - AD User Session

Bernardes — Sat, 03 Jun 2023 15:44:02 GMT

Dear all,

I'm facing a difficulty regarding Identity Awareness. We have configured the environment to display the captive portal when a machine outside the domain opens the browser and tries to access a website.

However, we have also configured it so that when a machine within the domain with an authenticated AD user opens the browser, Check Point should recognize this authentication and allow browsing.

The problem is that the same machine, on the first test, was within the domain and had an authenticated user, so browsing was automatically allowed as expected. But when testing the same machine by removing it from the domain and logging in with a local user, it still had the same permissions as in the previous test, as if the AD user session was stuck on the Check Point.

How can we make Check Point recognize that the user has logged out from a particular machine and when the local user tries to browse, display the captive portal for them?

Is there any configuration that associates the initially authenticated user with the machine?

Re: Identity Awareness - AD User Session

Wolfgang — Sun, 04 Jun 2023 20:03:56 GMT

@Bernardes only login events are logged in Active Directory, There is a default timeout with identity awareness how long a user to IP association will be active. If a new user does login on the same host a new user to IP association will be created. But if this is not a domainuser no one get the information who is logging in, because this is no domain event.

The solution to identify local and domain users is the Identity Agent. But be aware, if you use local user „myuser01“ on host A and local user „myuser01“ on host B, they have the same name but they are not the same.

Re: Identity Awareness - AD User Session

PhoneBoy — Mon, 05 Jun 2023 15:49:06 GMT

Only way to do that is by deploying one of the Identity Agents.