https://community.checkpoint.com/t5/General-Topics/Identity-awareness-and-AD-logs/m-p/32188#M6731 <HTML><HEAD></HEAD><BODY><P>You have&nbsp;at least two other options:</P><UL><LI>Browser-based authentication (Captive Portal)</LI><LI>Identity Collector (which doesn't use AD logs), see here for a technical overview:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk108235" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk108235">Identity Collector - Technical Overview</A>&nbsp;</LI></UL><P></P><P><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/63311_pastedImage_1.png" style="width: 620px; height: 432px;" /></P></BODY></HTML> Fri, 23 Feb 2018 18:48:10 GMT PhoneBoy 2018-02-23T18:48:10Z https://community.checkpoint.com/t5/General-Topics/Identity-awareness-and-AD-logs/m-p/32187#M6730 <HTML><HEAD></HEAD><BODY><P>Bonjour,</P><P></P><P>Je souhaiterai&nbsp;implémenter l'ID Awareness sur checkpoint basé sur une authentification AD.</P><P>Le problème qui se pose est que le client ne souhaite pas que l'AD envoi les events logs au checkpoint.</P><P>Pouvez vous me dire si il y a une possibilité de faire de l'ID awareness avec une authentification AD sans que le Firewall ne recupère les events Logs AD ( Genre le client envoi un ticket Kerberos directement au Checkpoint).</P><P></P><P>Cordialement.</P><P>---------------------------------------------------------------------------------------------------------------------------------------------------------</P><P>Hello,</P><P></P><P>I would like to implement ID Awareness on checkpoint based on AD authentication.</P><P>The problem is that the client does not want that the AD&nbsp;sends the events logs to the checkpoint.</P><P>Could you please tell me if there is an option to make the ID awareness based on AD&nbsp;authentication on the checkpoint without AD event logs?</P><P></P><P>Regards.</P></BODY></HTML> Fri, 23 Feb 2018 12:39:47 GMT https://community.checkpoint.com/t5/General-Topics/Identity-awareness-and-AD-logs/m-p/32187#M6730 Oussama_Kadim1 2018-02-23T12:39:47Z https://community.checkpoint.com/t5/General-Topics/Identity-awareness-and-AD-logs/m-p/32188#M6731 <HTML><HEAD></HEAD><BODY><P>You have&nbsp;at least two other options:</P><UL><LI>Browser-based authentication (Captive Portal)</LI><LI>Identity Collector (which doesn't use AD logs), see here for a technical overview:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk108235" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk108235">Identity Collector - Technical Overview</A>&nbsp;</LI></UL><P></P><P><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/63311_pastedImage_1.png" style="width: 620px; height: 432px;" /></P></BODY></HTML> Fri, 23 Feb 2018 18:48:10 GMT https://community.checkpoint.com/t5/General-Topics/Identity-awareness-and-AD-logs/m-p/32188#M6731 PhoneBoy 2018-02-23T18:48:10Z https://community.checkpoint.com/t5/General-Topics/Identity-awareness-and-AD-logs/m-p/32189#M6732 <HTML><HEAD></HEAD><BODY><P>Thank you for your answer.</P></BODY></HTML> Sun, 25 Feb 2018 00:35:09 GMT https://community.checkpoint.com/t5/General-Topics/Identity-awareness-and-AD-logs/m-p/32189#M6732 Oussama_Kadim1 2018-02-25T00:35:09Z https://community.checkpoint.com/t5/General-Topics/Identity-awareness-and-AD-logs/m-p/32190#M6733 <HTML><HEAD></HEAD><BODY><P><A href="https://community.checkpoint.com/migrated-users/2075">Dameon Welch Abernathy</A>‌</P><P></P><P>I am currently facing the same problem, and according to your link the Identity Collector does also need the security logs from the DCs:</P><P></P><H3>Technical Description</H3><P>The Identity Collector is using the Windows Event Log API for fetching the DC's security logs.<BR /> Windows Event Log is included in the operating system beginning with Windows Vista and Windows Server 2008 (client and server).</P></BODY></HTML> Mon, 09 Jul 2018 11:00:56 GMT https://community.checkpoint.com/t5/General-Topics/Identity-awareness-and-AD-logs/m-p/32190#M6733 Carsten_Pfitzer 2018-07-09T11:00:56Z https://community.checkpoint.com/t5/General-Topics/Identity-awareness-and-AD-logs/m-p/32191#M6734 <HTML><HEAD></HEAD><BODY><P>Yes, you're right, I missed that.</P><P>The main difference between AD Query and Identity Collector is the API used to acquire the information.</P><P>The reason we need to read the security logs is to automatically associate IP addresses to usernames and machine names.</P><P>LDAP is used to get groups, which are also relevant for Access Roles.</P><P></P><P>Identity Agent can also get the information, but this requires installing agents on the local PCs.</P><P>There is also an agent for Terminal Servers.</P><P>And of course Captive Portal, as I mentioned earlier (but this is not necessarily automatic).</P></BODY></HTML> Mon, 09 Jul 2018 11:16:26 GMT https://community.checkpoint.com/t5/General-Topics/Identity-awareness-and-AD-logs/m-p/32191#M6734 PhoneBoy 2018-07-09T11:16:26Z