Hi, I need some tips/recommendations on how to control access from remote offices.
Today: one main headquarters with all servers behind two 3200s.
20 small remote offices using 730 SMB firewalls with VPN to the 3200s.
I want to control access so that only Windows AD-joined computers have full access through the VPN tunnel.
All other devices should have limited access, for example printers, thin clients etc.
I can see 3 different approaches:
1. Control the VPN traffic in the 3200 firewall with user awareness.
2. Control the VPN traffic in the 730 firewalls (I think they also have user awareness with an Active Directory connection).
3. Set up 802.1x wired authentication in all remote switches and control the traffic with different VLANs.
What would you do and why?
Hi Maarten,
OK, so if I enable Identity Awareness on the 3200 firewall and configure Active Directory as an identity source, it can control the VPN traffic that is initiated from a domain-joined computer in the remote office?
I thought it could only control traffic initiated from behind the 3200 firewall.
If that is correct then it is a simple, good solution.
Do I need Identity Agents on every remote computer, or will it work with clientless Active Directory queries?
Thanks
Just to expand on this: as you are looking at using Active Directory joined machines, then after setting up the IA Collectors, make sure that in the Access Roles you create you not only specify Users but also specify Machines.
The default Machines setting is Any Machine. If you want to enforce AD-joined machines, then make sure that you use
Specific machines/groups
rather than
Any Machine.
That way the machine must be part of the group(s) that you add, so it would have to be AD joined.
So you would be controlling users over the VPN to specific resources, and they would have to come from specific machines.
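The point above (an Access Role that checks only the user still lets a valid AD login from a non-joined device through; adding a machine group closes that hole) as an added example: a small Python model of role matching and first-match rule evaluation. This is illustrative code written for this thread, not Check Point's implementation; the group names, identities and rulebase are constructed.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # models the "Any User" / "Any Machine" selection in an Access Role


@dataclass(frozen=True)
class Identity:
    """What Identity Awareness learned about a connection's source (constructed)."""
    user_groups: frozenset      # AD groups of the logged-on user (empty: no user identity)
    machine_groups: frozenset   # AD groups of the computer (empty: not domain joined)


@dataclass(frozen=True)
class AccessRole:
    name: str
    users: Optional[frozenset] = ANY     # ANY = any user
    machines: Optional[frozenset] = ANY  # ANY = any machine (the default)

    def matches(self, ident: Identity) -> bool:
        # Both the user criterion and the machine criterion must hold.
        user_ok = self.users is ANY or bool(self.users & ident.user_groups)
        machine_ok = self.machines is ANY or bool(self.machines & ident.machine_groups)
        return user_ok and machine_ok


def decide(rulebase, ident: Identity, dst: str) -> str:
    """First matching rule wins; anything unmatched falls to the implicit drop."""
    for role, destinations, action in rulebase:
        if dst in destinations and role.matches(ident):
            return action
    return "drop"


# Constructed sample identities for a remote office
STAFF_PC = Identity(frozenset({"Staff"}), frozenset({"Domain Computers"}))
STAFF_ON_BYOD = Identity(frozenset({"Staff"}), frozenset())  # same login, non-joined laptop
PRINTER = Identity(frozenset(), frozenset())

HQ = {"hq-servers"}
STAFF = frozenset({"Staff"})
JOINED = frozenset({"Domain Computers"})

# Weak: "Full access" role leaves Machines at the default Any Machine.
WEAK_POLICY = [(AccessRole("Full access", users=STAFF), HQ, "accept"),
               (AccessRole("Limited"), {"print-server"}, "accept")]
# Hardened: the same role also requires a domain-joined machine.
HARDENED_POLICY = [(AccessRole("Full access", users=STAFF, machines=JOINED), HQ, "accept"),
                   (AccessRole("Limited"), {"print-server"}, "accept")]
```

With the weak rulebase a staff login from a personal laptop reaches hq-servers; with the hardened one it is dropped while the printer keeps its limited access.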
Thanks
But do I need to deploy the Identity Agent on every computer?