Url Filtering Gets Confuzzled by Multi-Logins

We have several machines where there is quick user switching. I've noticed that sometimes we'll get a complaint about a user who is supposed to be allowed to log in to webmail sites not being allowed to log in to webmail sites. They get a block message. When I look in the logs, the message has about 5-10 userids listed as the source. I'm assuming it just takes one of these with the email restriction to block the traffic.

I also seem to have the same problem outbound. One IP by some ISP could service 1,000 destinations. If one is categorized as malicious, all traffic to that IP is blocked.

Any pointers?

Accepted Solutions
Employee+

Re: Url Filtering Gets Confuzzled by Multi-Logins

If you're in a scenario where users will be rapidly logging in and out, you might want to configure 'Assume that only one user is connected per computer'.

This way, when the gateway gets a new login event from the same IP as a previous association, we'll clear the previous one. If you don't have this check box set, you can run into these kinds of unexpected privilege escalation/de-escalation issues.
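
A simplified model of the association behavior described in this answer, added here as an illustration; it is not part of the original thread and not Check Point's code. It assumes first-match rule evaluation where a rule matches when any user associated with the source IP is in the rule's role; the class, roles, user names and IP address are constructed.

```python
from collections import defaultdict

class IdentityTable:
    """Hypothetical IP -> users association table kept by a gateway."""
    def __init__(self, single_user_per_ip):
        self.single_user_per_ip = single_user_per_ip
        self.users_by_ip = defaultdict(list)

    def login(self, ip, user):
        if self.single_user_per_ip:
            # Models 'Assume that only one user is connected per computer':
            # a new login event clears the previous association for this IP.
            self.users_by_ip[ip].clear()
        if user not in self.users_by_ip[ip]:
            self.users_by_ip[ip].append(user)

def decide(table, ip, rules, roles):
    """First-match evaluation; returns (action, users that matched the rule)."""
    present = table.users_by_ip.get(ip, [])
    for role, action in rules:
        hits = [u for u in present if u in roles[role]]
        if hits:
            return action, hits
    return "drop", []  # assumed cleanup rule when no identity matches

# Constructed sample data: bob is webmail-restricted, alice is not.
ROLES = {"restricted": {"bob"}, "staff": {"alice"}}
BLOCK_FIRST = [("restricted", "block"), ("staff", "allow")]
ALLOW_FIRST = [("staff", "allow"), ("restricted", "block")]
HOST = "10.0.0.25"

def scenario(single_user_per_ip, logins, rules):
    """Replay logins on one shared host (last login = current user), then decide."""
    table = IdentityTable(single_user_per_ip)
    for user in logins:
        table.login(HOST, user)
    return decide(table, HOST, rules, ROLES)

if __name__ == "__main__":
    for single in (False, True):
        # alice is the current user, bob's association is stale: de-escalation
        print(single, "block-first:", scenario(single, ["bob", "alice"], BLOCK_FIRST))
        # bob is the current user, alice's association is stale: escalation
        print(single, "allow-first:", scenario(single, ["alice", "bob"], ALLOW_FIRST))
```

With the flag off, the stale association decides the outcome in both rule orders; with it on, only the most recent login is evaluated.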

2 Replies

Re: Url Filtering Gets Confuzzled by Multi-Logins

Check out the optional Identity Awareness Agent software that can be loaded on problematic systems in your network that are roaming around or have local user switching situations. There is no way to detect these types of events purely from the network, and software is required on the workstation to help out:

sk63920: Identity Awareness Agent for Mac OS X

sk107415: Check Point Identity Agent for Microsoft Windows 10

sk88520: Best Practices - Identity Awareness Large Scale Deployment

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com