This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kb1
Collaborator
‎2020-03-11 02:58 PM

have a question regarding mobile access policy

so i needed some clarification on what happens in the logs for accept or rejecting a user based on policy, will be attaching a screenshot as well, now we have a user who is trying to log into an application called PNR_Unchecker and is getting rejected, user groups are mentioned as well, now i want a clarification of why he might be getting rejected, is it because the user groups that are mentioned (under mobile access details) are the only groups that are allowed access and he doesnt belong to them? or he belongs to those user groups and thats why he isnt granted access? btw i do have the rule in mobile access policy configured to have users from iqor.supervisor access to PNR_Unchecker(iqor.supervisor under users column, and the PNR_Unchecker under applications column if thats how it should be configured and installed on the required gateways) , also there are 5 rules in total with every rule having PNR_Unchecker under applications, doesnt that mean all the user groups defined in those rules should be able to access this particular application? if thats the case why does it only show iqor.supervisor under mobile access details in the screenshot and not the other user groups as well? and another thing why does it not show the rule number as well in the logs? that would be helpful wouldnt it??Capture.PNG

 

Thank You,

Regards.

0 Kudos
7 Replies
PhoneBoy
Admin
Admin
‎2020-03-11 06:11 PM

It looks like MAB is failing HTTP Authentication to access the backend website.
What happens when you try to access the same URL from the CLI of the gateway with curl or similar?
0 Kudos
kb1
Collaborator
‎2020-03-11 06:36 PM
In response to PhoneBoy

I will try that out and update here.
0 Kudos
kb1
Collaborator
‎2020-03-12 09:39 AM
In response to PhoneBoy

Hello,

Can you point me to an sk that states all the curl commands that are used in situations like this?

Thank You.
0 Kudos
kb1
Collaborator
‎2020-03-12 09:49 AM
In response to PhoneBoy

According to the output this is clealry a backend server issue isnt it? the user group hasnt been allowed access to this appication yet right?Capture.PNG

Regards.

0 Kudos
PhoneBoy
Admin
Admin
‎2020-03-12 12:10 PM
In response to kb1

curl_cli is curl on a Linux system and you can see man pages for it elsewhere.
Since no credentials were sent to the backend site, you're getting an unauthorized message.
What credentials have to be sent to the backend server to access it?
0 Kudos
kb1
Collaborator
‎2020-03-12 12:16 PM
In response to PhoneBoy

the thing is im getting http ok for other http application links that im using without providing user credentials, so thats why i thought that maybe its a server issue, and how do i type credential user and password using this command?

0 Kudos
PhoneBoy
Admin
Admin
‎2020-03-12 12:46 PM
In response to kb1

curl_cli --help should tell you everything you need.
How to translate this in your MAB configuration, I would have to check.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events