https://community.checkpoint.com/t5/Firewall-and-Security-Management/Access-role-is-not-working-with-Identity-collector-when-network/m-p/184828#M33975 <P>Yes, you can leverage Identity Sharing.</P> Mon, 26 Jun 2023 17:15:47 GMT PhoneBoy 2023-06-26T17:15:47Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Access-role-is-not-working-with-Identity-collector-when-network/m-p/184679#M33926 <P>Hello guys,</P><P>&nbsp;</P><P>I need some help about identity awareness. We are currently using R81.10 take 87 in VSX environment.&nbsp;</P><P>I used identity collector as a identity source. This source is fine when we first authenticate to the AD.&nbsp;</P><P>But during working hours, users have to changed different IPs and have to do network roaming.</P><P>When the IP is changed for that user, security gateways do not have the updated IP information and the connections are being blocked without hitting the access role policy. Other vendors' firewalls are working fine with that kind of situation.</P><P>Is there anything I missed to configure? Do I need another identity sources to work with that kind of situations.</P><P>&nbsp;</P><P>Thanks</P> Fri, 23 Jun 2023 18:19:30 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Access-role-is-not-working-with-Identity-collector-when-network/m-p/184679#M33926 Wyl 2023-06-23T18:19:30Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Access-role-is-not-working-with-Identity-collector-when-network/m-p/184699#M33937 <P>We recommend acquiring the identity of the user as close as possible to the source.<BR />In some cases, we recommend installing an Identity Agent.<BR />This is required in the case of Multi-User hosts and highly recommended for users who roam.<BR />See:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk134312" target="_blank">https://support.checkpoint.com/results/sk/sk134312</A>&nbsp;</P> Sat, 24 Jun 2023 16:50:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Access-role-is-not-working-with-Identity-collector-when-network/m-p/184699#M33937 PhoneBoy 2023-06-24T16:50:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Access-role-is-not-working-with-Identity-collector-when-network/m-p/184708#M33940 <P>Be sure you add of your DCs to the Identity collector which I assume you did since the initial IP is working as you indicated but&nbsp;Identity Agent is the way to go IMHO as Phoneboy indicated.</P> Sun, 25 Jun 2023 06:03:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Access-role-is-not-working-with-Identity-collector-when-network/m-p/184708#M33940 JoSec 2023-06-25T06:03:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Access-role-is-not-working-with-Identity-collector-when-network/m-p/184737#M33947 <P>I am planning to use identity agents and terminal servers agents. Is it work with identity sharing feature since Identity agents can only connect to one VSX? Thanks for your advice.</P> Mon, 26 Jun 2023 02:50:30 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Access-role-is-not-working-with-Identity-collector-when-network/m-p/184737#M33947 Wyl 2023-06-26T02:50:30Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Access-role-is-not-working-with-Identity-collector-when-network/m-p/184828#M33975 <P>Yes, you can leverage Identity Sharing.</P> Mon, 26 Jun 2023 17:15:47 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Access-role-is-not-working-with-Identity-collector-when-network/m-p/184828#M33975 PhoneBoy 2023-06-26T17:15:47Z