This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
David_Herselman
Advisor
‎2018-12-19 08:28 PM

Stop clearing ADQuery Identity Awareness during policy installation

Installing policy has the effect of clearing known user identity awareness, the primary reason why we advocate only handling this outside of business hours.

There are however often reasons why customers ask for policy installations during work hours, is there no way for a security gateway not to clear PDP during this process as user's internet access is subsequently inhibited until they restart their browser (initiates Kerberos browser based authentication as the browser handles captive portal detection), switches or cycles connectivity (initiates captive portal detection) or re-login (initiates ADQuery event)?

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2018-12-21 02:37 PM

As far as I know, this shouldn't happen.

There's a note in our Best Practice documentation about something that happens during policy installation, namely we re-lookup all the LDAP groups associated with each user the gateway knows about.

Best Practices - Identity Awareness Large Scale Deployment 

That couldn't happen if we cleared all the users on policy installation.

I recommend opening a TAC case.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events