mazzufun
Explorer

Mail Alert - VPN user logon

Hello there,

My customer asks if there's a way to configure an alert that would send an email to the specific remote user at the moment they log in through the remote access client VPN (Check Point Mobile client for Windows in this scenario).

Scenario:

  • Cluster VSX (VSLS) R80.40 JHF take 91
  • SMS pr + sec R80.40 JHF take 91
  • SmartEvent R80.40 JHF take 91
  • Firewall, IPSec VPN, Identity Awareness Software Blades enabled
  • Multi-Factor Authentication with Machine Authentication + User Auth (LDAP). (New VPN Deployment ON-GOING)
  • 500 remote users

Reflections:

The challenge in the request is that it would be necessary to deploy a script in SmartEvent that would send a mail to a specific recipient for each log received.

Moreover, info about the recipient would have to be included (e.g. if the log contains the string "the user x98765 login..." (x98765 being the user's internal ID), it would be necessary to extract the email recipient from the user ID data).

Thanks in advance

0 Kudos
2 Replies
PhoneBoy
Admin

You are correct this is something you’d have to configure with SmartEvent and these are the issues to work out.
Depending on the type of user, you’d have to get the email address via LDAP or the management server using an API call.
We don’t have a pre-built function for this.
Curious: what is the reason you’re sending an email to the user on connection?

0 Kudos
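
The per-log step discussed in the post and reply above (pull the user ID out of the log text, resolve it to a mailbox, address the alert to that user), as an added example that is not Check Point code or part of the original thread. The ID pattern, the `sAMAccountName` filter, the in-memory `DIRECTORY` standing in for the LDAP lookup, and all addresses are assumptions; the log line is constructed from the string quoted in the question.

```python
import re
from email.message import EmailMessage

# Assumption: internal IDs look like the thread's "x98765" (one letter, five digits).
# A strict pattern keeps arbitrary log text out of the directory query.
USER_ID_RE = re.compile(r"\buser\s+([A-Za-z]\d{5})\b")

# Constructed stand-in for the directory; a real deployment would run an
# LDAP search with the filter built by ldap_filter_for().
DIRECTORY = {"x98765": "x98765@example.com"}


def extract_user_id(log_text):
    """Return the user ID from a logon log line, or None if absent or malformed."""
    match = USER_ID_RE.search(log_text)
    return match.group(1).lower() if match else None


def ldap_filter_for(user_id):
    """Build an RFC 4515 filter, hex-escaping characters special to filters."""
    escaped = "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in user_id
    )
    return "(&(objectClass=user)(sAMAccountName=%s))" % escaped


def build_alert(log_text, sender="vpn-alerts@example.com"):
    """Return an EmailMessage for the user named in the log, or None to skip."""
    user_id = extract_user_id(log_text)
    if user_id is None:
        return None  # not a logon line we recognise: send nothing
    recipient = DIRECTORY.get(user_id)
    if recipient is None:
        return None  # unknown user: never fall back to a guessed address
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "VPN logon with your account %s" % user_id
    msg.set_content(
        "A remote access VPN session was opened with your account.\n"
        "If this was not you, contact the security team.\n"
    )
    return msg


if __name__ == "__main__":
    print(build_alert("the user x98765 login..."))  # constructed log line
```

Delivery (for example with `smtplib`) and the hook that hands each log to the script are left out, since the thread does not describe them.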
mazzufun
Explorer

Curious: what is the reason you’re sending an email to the user on connection?

Aha, nice question... the customer needs to be warned if someone connects to the VPN with their credentials.

We tried several times to make them understand that with VPN multi-factor authentication (username & password (AD) + machine authentication), if someone successfully connects to the site with their user, it means that someone has stolen their credentials but, more importantly, someone has stolen their workstation (!) (lol)

Coming back to the topic question: we are thinking about the possibility of adding DynamicID (with mail) to the current MFA, but discarding the OTP, just to have the mail sent to the user recipient without considering the OTP as an authentication method. Is it possible to bypass the DynamicID OTP even if configured?

Thanks

0 Kudos