This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Suresh_Kumar_K
Participant
‎2019-02-27 11:02 PM

Blocking Non active directory user from internet

Hi Team, 

We have configured AD users base authentication to give internet access, as of now the internet is getting use for all the users (ADusers and NON AD Users)

we need to block internet for non AD users.

what setting we want to do it on checkpoint.

regards

suri

0 Kudos
5 Replies
Kaspars_Zibarts
Employee Employee
Employee
‎2019-02-27 11:47 PM

I would suggest using Identity Awareness blade - but it's not just a tickbox that will magically desperate AD vs non-AD users. You will have to configure it and set rules using access roles instead of IPs

0 Kudos
Suresh_Kumar_K
Participant
‎2019-02-27 11:50 PM
In response to Kaspars_Zibarts

Dear Kaspars, 

Thanks for the replay, 

can we know how to configure set of rules to block non AD users 

regards

suri 

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee
‎2019-02-27 11:59 PM
In response to Suresh_Kumar_K

I'm afraid I can't guide you through the process here as there are multiple options to chose from. So you will need to read up documentation first, make your design decisions and then implement it.

Good start point is identity awareness administration guide as part of regular documentation bundle depending on your SW version

Then you may want to check

ATRG: Identity Awareness 

or just search User Center

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-02-28 02:06 AM

Once you have Identity Awareness setup you would create an allow rule in which you use an access role, this needs to be filled with the correct AD Objects.

The next rule will be a drop for anything else.

Regards, Maarten
0 Kudos
Alessandro_Marr
Advisor
‎2019-02-28 09:30 AM

Use Identity Awareness as Kaspars Suggestion... remember that if your users change from OU on your AD many times you could have problems because access rules won´t looking for in others OU after their been created

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top