Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Alexey_Dagil
Participant
Jump to solution

Identity Awareness ignores machines

Hello! 

I am setting up a test environment. There is a distributed installation of Check Point, a pair of test computers, AD DS, IIS. AD Query connects correctly. Then, when changing the user, the message "Machine (machine name) at (IP address) has 1 users (or more) currently connected to it, and will be automatically ignored" appears in the logs. I did not make any additional settings on the gateway or in the account unit. Please tell me how to fix it.

Thanks!!

0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin
Admin
4 Replies
_Val_
Admin
Admin

Quoting from here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

  • User Change: If an unknown user association is encountered, and "assume one user per IP" is "on", all of the currently associated users are revoked, and the new association is added as the only user for this IP address. If there were any machine associations for this IP address, they are left intact. See "Single User Assumption" in the Identity Awareness Administration Guide for more information.

  • Multi user host detected: If 7 (by default) users are currently associated for the same IP address, the IP address is automatically considered a "multi user host". A log about it is issued, all of the currently associated users are revoked and all new user associations for this IP address are ignored.

In a nutshell, AD Query as the default choice only working reliably if users do not change machines too often. AD Query looks for log on events only and ignores log off ones. You can tweak the behaviour by tuning "Single User Assumption" settings (see the guide), but if you want a reliable tool allowing often user changes on a single PC, use IA Agent.

_Val_
Admin
Admin

In addition, look here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

for setting multi-user threshold, if required

Alexey_Dagil
Participant
Thanks! It was a Multi-User detection threshold.
_Val_
Admin
Admin

I am glad it works for you now

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events