Eric_Speake
Nickel

Identity awareness for users with credentials


In our retail stores we have users that need access to specific sites that we allow with a source of any. On that blade we have not enabled identity awareness. We have some users that need access to sites used by an HR group we have. To allow just that group on the one rule I have to enable identity awareness. Will that affect the other rules that have any as the source? These rules are on the application layer of the policy.

Thanks,

Eric Speake

1 Solution

Accepted Solutions

Re: Identity awareness for users with credentials


When using IA with rules, think about the access roles as any other object you can put on the source of the rule.

As long as you won't block anyone, they won't be blocked.

The access role is only there to translate user identity data from multiple sources into "ip" addresses.

Remember that the fw is still a fw, so when a packet goes by it does not know if it's user x or user y. It relies on logs it collects from a domain controller, for example, to understand that user x logs into a machine that has the ip 1.1.1.1, and when it tries to match a packet with an ip that has a user mapped to it, it will check the access roles also.

2 Replies

Re: Identity awareness for users with credentials


Hi Eric,

There will not be any impact but make sure that specific rules should be on top.

0 Kudos
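
A simplified model of the behaviour described in the replies above, added here as an example; it is not Check Point code and not part of any post. It treats an access role as a source object resolved through an IP-to-user table and evaluates rules top to bottom. The rule names, groups, site names, addresses and the final drop are assumptions made for illustration.

```python
# Simplified model of first-match rule evaluation with identity-to-IP mapping.
# Not Check Point code: all names, groups and addresses below are constructed.
from ipaddress import ip_address, ip_network

# Identity table as a gateway might build it from identity sources
# (e.g. domain controller logon events): source IP -> (user, groups).
IDENTITIES = {
    "10.1.1.20": ("alice", {"HR"}),
    "10.1.1.21": ("bob", {"Sales"}),
}
ANY = "Any"

class AccessRole:
    """Source object: matches when the packet's IP maps to a user in a listed group."""
    def __init__(self, name, groups, networks=("0.0.0.0/0",)):
        self.name, self.groups = name, set(groups)
        self.networks = [ip_network(n) for n in networks]

    def matches(self, src_ip):
        ident = IDENTITIES.get(src_ip)  # None when no user is mapped to this IP
        in_net = any(ip_address(src_ip) in n for n in self.networks)
        return bool(ident and in_net and ident[1] & self.groups)

def source_matches(source, src_ip):
    if source == ANY:
        return True  # "Any" never consults the identity table
    if isinstance(source, AccessRole):
        return source.matches(src_ip)
    return ip_address(src_ip) in ip_network(source)

def evaluate(rules, src_ip, site):
    """Return (rule name, action) of the first matching rule, top to bottom."""
    for name, source, sites, action in rules:
        if source_matches(source, src_ip) and (sites == ANY or site in sites):
            return name, action
    return "cleanup", "drop"  # assumed final drop for unmatched traffic

HR_ROLE = AccessRole("HR_Users", {"HR"})
RULES = [  # specific (identity-based) rule first, then the existing Any-source rule
    ("hr-sites", HR_ROLE, {"hr.example.com"}, "accept"),
    ("store-sites", ANY, {"pos.example.com", "inventory.example.com"}, "accept"),
]

if __name__ == "__main__":
    for ip, site in [("10.1.1.20", "hr.example.com"), ("10.1.1.21", "hr.example.com"),
                     ("10.1.1.99", "pos.example.com")]:
        print(ip, site, evaluate(RULES, ip, site))
```

In this model an IP with no mapped user still matches the Any-source rule, while a broad Any rule placed above `hr-sites` would match first and let non-HR users through.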
