Identity awareness for users with credentials
In our retail stores we have users that need access to specific sites that we allow with a source of any. On that blade we have not enabled identity awareness. We have some users that need access to sites used by an HR group we have. To allow just that group on the one rule I have to enable identity awareness. Will that affect the other rules that have any as the source? These rules are on the application layer of the policy.
Thanks,
Eric Speake
- Labels: Policy Installation, SmartConsole
Accepted Solutions
When using IA with rules, think about the access roles as any other object you can put on the source of the rule.
As long as you won't block anyone, they won't be blocked.
The access role is only there to translate user identity data from multiple sources into "IP" addresses.
Remember that the FW is still a FW, so when a packet goes by it does not know if it's user x or user y. It relies on logs it collects from the domain controller, for example, to understand that user x logs into a machine that has the IP 1.1.1.1, and when it tries to match a packet with an IP that has a user mapped to it, it will check the access roles also.
Hi Eric,
There will not be any impact, but make sure that specific rules are on top.
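The behaviour described in the replies above can be sketched as a simplified first-match model. This is an added example, not code from the thread participants or from Check Point; the rule names, IP addresses, hostnames and the identity table are constructed, and the matching logic is an assumption that only mirrors what the replies state.

```python
# Simplified model (assumption): first-match rulebase where an access role
# in the source column is resolved through an IP-to-user identity table.
ANY = "Any"

# Constructed identity table, as if learned from domain controller logon events.
IDENTITIES = {
    "10.1.1.10": {"user": "alice", "groups": {"HR"}},
    "10.1.1.20": {"user": "bob", "groups": {"Sales"}},
}

# Constructed rulebase; the role-specific rule sits above the general ones.
RULES = [
    {"name": "HR sites", "source": {"role": "HR"}, "dest": "hr.example.com", "action": "accept"},
    {"name": "Store sites", "source": ANY, "dest": "store.example.com", "action": "accept"},
    {"name": "Cleanup", "source": ANY, "dest": ANY, "action": "drop"},
]

def source_matches(source, src_ip, identities):
    """Any matches every packet; an access role matches only a mapped IP."""
    if source == ANY:
        return True
    identity = identities.get(src_ip)  # None when no user is mapped to the IP
    return identity is not None and source["role"] in identity["groups"]

def match(src_ip, dest, rules=RULES, identities=IDENTITIES):
    """Return (rule name, action) of the first rule matching the packet."""
    for rule in rules:
        if source_matches(rule["source"], src_ip, identities) and rule["dest"] in (ANY, dest):
            return rule["name"], rule["action"]
    return None, "drop"  # nothing matched: treat as dropped

if __name__ == "__main__":
    for ip, dest in [("10.1.1.10", "hr.example.com"),    # HR user, HR site
                     ("10.1.1.20", "hr.example.com"),    # non-HR user, HR site
                     ("10.1.1.99", "store.example.com"), # no identity, Any rule
                     ("10.1.1.99", "hr.example.com")]:   # no identity, HR site
        print(ip, dest, match(ip, dest))
```

In this model a host with no mapped user still matches the source-Any rule, and placing a broader rule above the role rule shadows it.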