Hello,
I would like to implement ID Awareness on Check Point based on AD authentication.
The problem is that the client does not want the AD to send the event logs to the Check Point.
Could you please tell me if there is a way to do ID Awareness with AD authentication without the firewall retrieving the AD event logs (for example, the client sending a Kerberos ticket directly to the Check Point)?
Regards.
You have at least two other options:
Thank you for your answer.
I am currently facing the same problem, and according to your link the Identity Collector does also need the security logs from the DCs:
The Identity Collector is using the Windows Event Log API for fetching the DC's security logs.
Windows Event Log is included in the operating system beginning with Windows Vista and Windows Server 2008 (client and server).
Yes, you're right, I missed that.
The main difference between AD Query and Identity Collector is the API used to acquire the information.
The reason we need to read the security logs is to automatically associate IP addresses to usernames and machine names.
LDAP is used to get groups, which are also relevant for Access Roles.
Identity Agent can also get the information, but this requires installing agents on the local PCs.
There is also an agent for Terminal Servers.
And of course Captive Portal, as I mentioned earlier (but this is not necessarily automatic).
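An added illustration, not part of the thread and not Check Point code: how reading DC security logs yields the IP-to-username and machine-name association described above. The thread names no event IDs; the sketch assumes the Windows logon events 4624 and 4768, and all sample events are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LOGON_EVENT_IDS = {"4624", "4768"}  # assumption: logon and Kerberos TGT request

def _evt(eid, ts, name, ip):
    """Build a constructed, trimmed Windows event XML record for the sample."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{eid}</EventID>'
            f'<TimeCreated SystemTime="{ts}"/></System><EventData>'
            f'<Data Name="TargetUserName">{name}</Data>'
            f'<Data Name="IpAddress">{ip}</Data></EventData></Event>')

SAMPLE_EVENTS = [  # constructed data, not real logs
    _evt(4768, "2021-03-01T08:00:00Z", "alice", "::ffff:10.1.1.20"),
    _evt(4768, "2021-03-01T08:00:05Z", "PC-ALICE$", "::ffff:10.1.1.20"),
    _evt(4624, "2021-03-01T08:01:00Z", "bob", "10.1.1.31"),
    _evt(4624, "2021-03-01T08:02:00Z", "svc_backup", "-"),   # no source address
    _evt(4634, "2021-03-01T09:00:00Z", "bob", "10.1.1.31"),  # logoff: ignored
    _evt(4768, "2021-03-01T09:30:00Z", "carol", "::ffff:10.1.1.20"),
]

def parse_event(raw):
    """Return (event_id, timestamp, account_name, source_ip) from event XML."""
    root = ET.fromstring(raw)
    data = {d.get("Name"): (d.text or "")
            for d in root.iterfind("e:EventData/e:Data", NS)}
    return (root.findtext("e:System/e:EventID", namespaces=NS),
            root.find("e:System/e:TimeCreated", NS).get("SystemTime"),
            data.get("TargetUserName", ""), data.get("IpAddress", ""))

def build_identity_map(events_xml):
    """Map each source IP to the latest user and machine account seen on it."""
    table = {}
    for eid, ts, name, ip in map(parse_event, events_xml):
        if ip.startswith("::ffff:"):       # IPv4-mapped form seen in 4768
            ip = ip[len("::ffff:"):]
        if eid not in LOGON_EVENT_IDS or ip in ("", "-", "::1", "127.0.0.1"):
            continue                        # nothing usable to associate
        entry = table.setdefault(ip, {"user": None, "machine": None, "seen": ""})
        if ts < entry["seen"]:
            continue                        # older than what is already held
        # Account names ending in "$" are computer accounts.
        entry["machine" if name.endswith("$") else "user"] = name.rstrip("$")
        entry["seen"] = ts
    return table
```

In the sample, carol replaces alice on 10.1.1.20 because a log-derived table holds one user per IP address, which is why hosts shared by several users need a different identity source.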