topic Re: Objects based on AD domain info in Firewall and Security Management

Objects based on AD domain info

Waldo — Thu, 13 Feb 2025 15:40:31 GMT

We have just created an AD trust with a partner company. Their AD domain is called "trusted.local". We use our local AD domain "trusting.local" on our CP gateways for identity awareness functionality.

I am looking for a way to identify end users in the "trusted.local" AD domain based on the UPN suffix "trusted.local". Something akin to "*@trusted.local" - I then want to be able to put them in an object that can be used in gateway policy as a source or destination..

Any ideas? Thanks

Re: Objects based on AD domain info

PhoneBoy — Fri, 14 Feb 2025 04:38:25 GMT

In order to see identities from another AD server; you’d have to configure Identity Collector to poll that AD server.
This is because to associate a user with an IP, we need to see the Security Logs from AD showing the user login.
Also, there would need to be an LDAP Account Unit defined for the relevant LDAP Branch.
Whether the partner will give you the necessary access to do that is a separate question.

Re: Objects based on AD domain info

the_rock — Fri, 14 Feb 2025 15:08:55 GMT

Phoneboy explained it perfectly.

Andy