This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
mazzufun
Explorer
‎2021-03-18 04:17 AM

Mail Alert - VPN user logon

hello there,

my customer asks if there's a way to configure an alert that would send an email to the specific remote user, at the moment it logins through remote access client VPN (check point mobile client for windows in this scenario).

Scenario:

  • Cluster VSX (VSLS) R80.40 JHF take 91
  • SMS pr + sec R80.40 JHF take 91
  • SmartEvent R80.40 JHF take 91
  • Firewall, IPSec VPN, Identity Awareness Software Blades enabled
  • Multi-Factor Authentication with Machine Authentication + User Auth (LDAP). (New VPN Deployment ON-GOING)
  • 500 remote user

Reflections:

The challenge in the request is that it would be necessary to deploy a script in the smartevent that would send a  mail for a specific recipient, for each log received.

Moreover, info of the recipient would be included (ex: if the log contains the string "the user x98765 login..." (x98765 user internal ID) it would be necessary to extract its email recipient from the user ID data.

thanks in advance

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2021-03-18 01:04 PM

You are correct this is something you’d have to configure with SmartEvent and these are the issues to work out.
Depending on the type of user, you’d have to get the email address via LDAP or the management server using an API call.
We don’t have a pre-built function for this.
Curious: what is the reason you’re sending an email to the user on connection?

0 Kudos
mazzufun
Explorer
‎2021-03-22 02:33 AM
In response to PhoneBoy

Curious: what is the reason you’re sending an email to the user on connection?

aha nice question... the customer needs to be warned if someone connects to the vpn with its credentials.

We tried several times to make it understand that with VPN multi-factor authentication (username&password (AD) + machine authentication), if someone successfully connects to the site with its user, means that someone have stolen its credentials but, more important, someone have stolen its workstation (!)(lol)

 

coming back to the topic question: we are thinking about the possibility to add DynamicID (with mail) to the currently MFA, but discard the OTP, just to have only the mail sent to the user recipient but not considering the OTP as an authentication method. Is that possible to bypass DynamicID OTP even if configured?

thanks

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events