This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Johan_Rudberg
Contributor
‎2020-02-07 12:54 AM
Jump to solution

Identity awareness Access Rules

Hello

We are using Identity awareness with identity collector. When we create a access rule within the access policy in order to block a group of computers from accessing the internet, however this does not work, the traffic doesnt even match this rule. Creating a simular rule for users from the AD works just fine but not the computers. 

Any ideas?

Running version R80.20 HFA Take 91 

 

//Johan

0 Kudos
1 Solution

Accepted Solutions
abihsot__
Advisor
‎2020-02-12 04:35 AM
In response to Johan_Rudberg
Jump to solution

By default it is 4 hours. You have to change it if you want more frequent active directory fetch for group membership. You can do manually by using following command:

 

pdp update

Command: root->update

Available options:
all - recalculate all users and machines group membership
specific - recalculate group membership for a user/machine
refetch_interval - LDAP user info refetch interval
update_rate - the max number of sessions updated within a minute

View solution in original post

7 Replies
PhoneBoy
Admin
Admin
‎2020-02-07 03:25 AM
Jump to solution

What does the Access Role you’ve configured look like?
0 Kudos
Johan_Rudberg
Contributor
‎2020-02-13 12:34 AM
In response to PhoneBoy
Jump to solution

It is a AD Group configured under Machine in the Access Role
0 Kudos
abihsot__
Advisor
‎2020-02-07 04:43 AM
Jump to solution

probably there is no match for this access role. When you select specific workstations, which setting you have for "users" section?

Is your workstation exist here?

pep s u q mchn <workstation_name>

Daniel_Taney
Advisor
‎2020-02-07 05:19 AM
Jump to solution

Are the computers you are trying to block part of the AD domain? or are they standalone? 

R80 CCSA / CCSE
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2020-02-07 07:19 AM
Jump to solution

I remember I had to split "mixed"roles after upgrade to R80.x as machine IDs stopped working if the same role also had user IDs.

Try using role that has machine IDs / groups only if you have not done that

0 Kudos
Johan_Rudberg
Contributor
‎2020-02-12 04:27 AM
In response to Kaspars_Zibarts
Jump to solution

We resolved this problem by rebooting the management server, now the rule works!

 

However from the moment when a computer is added to the AD group it takes X hours before the rule deny the traffic, why is that so?

 

//Johan

0 Kudos
abihsot__
Advisor
‎2020-02-12 04:35 AM
In response to Johan_Rudberg
Jump to solution

By default it is 4 hours. You have to change it if you want more frequent active directory fetch for group membership. You can do manually by using following command:

 

pdp update

Command: root->update

Available options:
all - recalculate all users and machines group membership
specific - recalculate group membership for a user/machine
refetch_interval - LDAP user info refetch interval
update_rate - the max number of sessions updated within a minute

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events