https://community.checkpoint.com/t5/General-Topics/Microsoft-DirectAccess-Proxy-Identity-Awareness/m-p/31837#M6679 <HTML><HEAD></HEAD><BODY><P>We are using Microsoft DirectAccess and we are trying to implement CheckPoint Proxy with HTTPS Inspection. We have managed to get Proxy &amp; URL Filtering working via DirectAccess, however the logs do not show the originating computer/user, it just shows the VPN Server as the source.</P><P></P><P>This is obviously a problem when troubleshooting a specific user's problem or when we need to generate reports based on usage etc.</P><P></P><P>Does anyone have any ideas?</P></BODY></HTML> Fri, 23 Feb 2018 10:41:56 GMT Matt_Parfitt 2018-02-23T10:41:56Z https://community.checkpoint.com/t5/General-Topics/Microsoft-DirectAccess-Proxy-Identity-Awareness/m-p/31837#M6679 <HTML><HEAD></HEAD><BODY><P>We are using Microsoft DirectAccess and we are trying to implement CheckPoint Proxy with HTTPS Inspection. We have managed to get Proxy &amp; URL Filtering working via DirectAccess, however the logs do not show the originating computer/user, it just shows the VPN Server as the source.</P><P></P><P>This is obviously a problem when troubleshooting a specific user's problem or when we need to generate reports based on usage etc.</P><P></P><P>Does anyone have any ideas?</P></BODY></HTML> Fri, 23 Feb 2018 10:41:56 GMT https://community.checkpoint.com/t5/General-Topics/Microsoft-DirectAccess-Proxy-Identity-Awareness/m-p/31837#M6679 Matt_Parfitt 2018-02-23T10:41:56Z https://community.checkpoint.com/t5/General-Topics/Microsoft-DirectAccess-Proxy-Identity-Awareness/m-p/31838#M6680 <HTML><HEAD></HEAD><BODY><P>Have you enabled this option, by chance?</P><P></P><P><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/63312_pastedImage_1.png" style="width: 620px; height: 193px;" /></P></BODY></HTML> Fri, 23 Feb 2018 18:54:48 GMT https://community.checkpoint.com/t5/General-Topics/Microsoft-DirectAccess-Proxy-Identity-Awareness/m-p/31838#M6680 PhoneBoy 2018-02-23T18:54:48Z https://community.checkpoint.com/t5/General-Topics/Microsoft-DirectAccess-Proxy-Identity-Awareness/m-p/31839#M6681 <HTML><HEAD></HEAD><BODY><P>I have the first two checkboxes enabled on that Proxy Settings page.</P></BODY></HTML> Mon, 26 Feb 2018 08:58:22 GMT https://community.checkpoint.com/t5/General-Topics/Microsoft-DirectAccess-Proxy-Identity-Awareness/m-p/31839#M6681 Matt_Parfitt 2018-02-26T08:58:22Z https://community.checkpoint.com/t5/General-Topics/Microsoft-DirectAccess-Proxy-Identity-Awareness/m-p/31840#M6682 <HTML><HEAD></HEAD><BODY><P>Unfortunately, you won't be able to identify your users when they are connected behind a Direct Access server. Indeed, the remote machines IP address is NATed by the DA server. As Checkpoint Identity Awareness maps a user to an IP address it won't work. Moreover, installing an IA agent doesn't help, as it cannot work through a DA server.</P><P>The only solution is to do NTLM/Kerberos authentication with an web proxy. This way, the user identity is carried by the browser request and not impacted by the IP address translation, allowing the proxy to identity the users.</P></BODY></HTML> Mon, 26 Feb 2018 15:07:08 GMT https://community.checkpoint.com/t5/General-Topics/Microsoft-DirectAccess-Proxy-Identity-Awareness/m-p/31840#M6682 David_GOURANTON 2018-02-26T15:07:08Z https://community.checkpoint.com/t5/General-Topics/Microsoft-DirectAccess-Proxy-Identity-Awareness/m-p/31841#M6683 <HTML><HEAD></HEAD><BODY><P>Thanks David. That sounds like a viable solution, is it possible to only apply the browser request on computers that are accessing the Internet via DirectAccess?</P></BODY></HTML> Tue, 27 Feb 2018 09:10:51 GMT https://community.checkpoint.com/t5/General-Topics/Microsoft-DirectAccess-Proxy-Identity-Awareness/m-p/31841#M6683 Matt_Parfitt 2018-02-27T09:10:51Z