Explorer

Identity Awareness question


Hello all,

I have a bunch of questions regarding Identity Awareness... I have not yet managed to find related information to answer all my concerns, so I would very much appreciate it if someone could shed some light on the matter or point me in the right direction (links, docs etc).

In our environment (R80.30) we use Identity Collectors instead of running AD Query, to get user information and the like. As I understand it, this information is received and processed by the gateways for PDP/PEP. After capturing packets between the SMS and a domain controller, I saw that there was DCERPC communication between the two, in order for the SMS to get information from the DC's security logs. Why is this needed? Isn't the Identity Collector responsible for obtaining this info? Why is this also needed on the SMS? I was under the impression that the SMS only used LDAP/LDAPS to communicate with the domain controllers. Where do the other communications come into play?

Thank you in advance.

 


Accepted Solutions
Champion

Look into sk108235: Identity Collector - Technical Overview:

Identity Collector to Domain Controller | 135, and dynamically allocated ports | DCOM protocol, which makes extensive use of DCE/RPC.

Contributor

Hello kadar2


It is the functionality of identity logging on the management server. It uses AD Query from the management server in order to populate the logs with username information.

https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_IdentityAwareness_AdminGuide...

BR,
Kostas

Explorer

So it's only related to logging... Any idea why DCERPC is needed?
