This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Waldo
Participant
Thursday
Jump to solution

Objects based on AD domain info

We have just created an AD trust with a partner company.  Their AD domain is called "trusted.local".  We use our local AD domain "trusting.local" on our CP gateways for identity awareness functionality.

I am looking for a way to identify end users in the "trusted.local" AD domain based on the UPN suffix "trusted.local".  Something akin to "*@trusted.local" - I then want to be able to put them in an object that can be used in gateway policy as a source or destination..

 

Any ideas?  Thanks

 

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
Thursday
Jump to solution

In order to see identities from another AD server; you’d have to configure Identity Collector to poll that AD server.
This is because to associate a user with an IP, we need to see the Security Logs from AD showing the user login.
Also, there would need to be an LDAP Account Unit defined for the relevant LDAP Branch.
Whether the partner will give you the necessary access to do that is a separate question.

View solution in original post

(1)
2 Replies
PhoneBoy
Admin
Admin
Thursday
Jump to solution

In order to see identities from another AD server; you’d have to configure Identity Collector to poll that AD server.
This is because to associate a user with an IP, we need to see the Security Logs from AD showing the user login.
Also, there would need to be an LDAP Account Unit defined for the relevant LDAP Branch.
Whether the partner will give you the necessary access to do that is a separate question.

(1)
the_rock
Legend
Legend
Friday
Jump to solution

Phoneboy explained it perfectly.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events