https://community.checkpoint.com/t5/Firewall-and-Security-Management/Session-Expiration-Captive-Portal-Identity-Awareness/m-p/183999#M33762 <P>As far as I know, authenticated users shouldn't disappear on a policy installation.<BR />As an example, see:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk79060" target="_blank">https://support.checkpoint.com/results/sk/sk79060</A><BR />As such, I recommend a TAC case: <A href="https://help.checkpoint.com" target="_blank">https://help.checkpoint.com</A>&nbsp;</P> <P>On the more general subject of Linux users with Identity Awareness, they can be authenticated with Active Directory like Windows machines.<BR />Which means you should be able to use Identity Collector or Kerberos to acquire the identities.<BR />That assumes the Linux machines are tied into Active Directory, of curse.</P> <P>To the best of my knowledge there are no plans to implement a native VPN client or Identity Awareness client for Linux.<BR />Requests for these items should be discussed with your local Check Point office.&nbsp;</P> Wed, 14 Jun 2023 18:20:48 GMT PhoneBoy 2023-06-14T18:20:48Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Session-Expiration-Captive-Portal-Identity-Awareness/m-p/183931#M33754 <P>Hello,<BR />I have two 23500 R81.10 firewalls running in cluster mode. When I install a policy, the authentications of people who have verified themselves in Captive Portal drop. They have to login again.<BR /><BR />In addition, even though the session timeout period that I set on the gateway for Linux users who have to use Captive Portal does not expire, session times expire at irregular time intervals.<BR /><BR />It is unfortunate that Linux distributions do not have Identity Agent and VPN Client.<BR /><BR />Best wishes<BR />Sukru Ozdemir</P> Wed, 14 Jun 2023 06:05:09 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Session-Expiration-Captive-Portal-Identity-Awareness/m-p/183931#M33754 sukruozdemir 2023-06-14T06:05:09Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Session-Expiration-Captive-Portal-Identity-Awareness/m-p/183999#M33762 <P>As far as I know, authenticated users shouldn't disappear on a policy installation.<BR />As an example, see:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk79060" target="_blank">https://support.checkpoint.com/results/sk/sk79060</A><BR />As such, I recommend a TAC case: <A href="https://help.checkpoint.com" target="_blank">https://help.checkpoint.com</A>&nbsp;</P> <P>On the more general subject of Linux users with Identity Awareness, they can be authenticated with Active Directory like Windows machines.<BR />Which means you should be able to use Identity Collector or Kerberos to acquire the identities.<BR />That assumes the Linux machines are tied into Active Directory, of curse.</P> <P>To the best of my knowledge there are no plans to implement a native VPN client or Identity Awareness client for Linux.<BR />Requests for these items should be discussed with your local Check Point office.&nbsp;</P> Wed, 14 Jun 2023 18:20:48 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Session-Expiration-Captive-Portal-Identity-Awareness/m-p/183999#M33762 PhoneBoy 2023-06-14T18:20:48Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Session-Expiration-Captive-Portal-Identity-Awareness/m-p/184041#M33769 <P>I was thinking that I can solve it without opening a case so that users do not fall in policy installation, but it turns out that I will have to open a case.<BR />Collecting from AD with collector is not always a good solution for Linux users. We are using Exchange Server in our local, when the person using the computer logs in to a different e-mail address other than his own via /owa, the information he receives from collector AD changes and I begin to see it as if the common mail account is using that computer.<BR />Installing an agent on the client is the most guaranteed solution for me, but unfortunately there is no agent even though there are many users on the linux side.<BR /><BR />Thank you for your response<BR />Best wishes&nbsp;<BR />Sukru<BR /><BR /></P> Thu, 15 Jun 2023 07:45:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Session-Expiration-Captive-Portal-Identity-Awareness/m-p/184041#M33769 sukruozdemir 2023-06-15T07:45:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Session-Expiration-Captive-Portal-Identity-Awareness/m-p/184048#M33770 <P>Hi Sukru,</P> <P>A workaround might be to schedule a cron job that enumerates the Netlogon share on a DC for example.&nbsp; Anything that will cause a login event to be created, really.&nbsp; You'd have to be mindful of password expiry and account lockouts though.</P> <P>Thanks,<BR />Ruan</P> Thu, 15 Jun 2023 08:44:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Session-Expiration-Captive-Portal-Identity-Awareness/m-p/184048#M33770 Ruan_Kotze 2023-06-15T08:44:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Session-Expiration-Captive-Portal-Identity-Awareness/m-p/184170#M33822 <P>Hello Ruan,<BR />Thank you for the information.<BR />Kind regards<BR />Sukru</P> Fri, 16 Jun 2023 06:35:50 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Session-Expiration-Captive-Portal-Identity-Awareness/m-p/184170#M33822 sukruozdemir 2023-06-16T06:35:50Z