gaa
Ivory

Way to collect Remote Access user and duration information? RADIUS Accounting?

We are using an MFA product layered on top of Windows NPS.   In the RADIUS Account records we can see our Cisco VPN sessions but CheckPoint VPNs don't show.   I asked CheckPoint support about this and was told that CP does not do RADIUS Accounting.   (If so, why are there settings for it?)

From what I can tell, it seems that CP will do RADIUS Accounting when it is needed by the RADIUS server to manage the IP address pool.

I looked at NPS and it seems that it won't return a single IP.   It will at best return a fixed subnet.

Who then picks the single IP from that subnet?

Can NPS be made to return a single address?

If not, and it returns a subnet, can CheckPoint pick one IP?

And if all that works, will CheckPoint then send RADIUS Accounting records?

My goal is to be able to get a list of all logins with user names, times and durations.

Barring RADIUS, does anyone else know how to get this information any other way?   I have tried exporting the CheckPoint logs to CSV and discovered that SMB devices do not seem to log this information.   Gaia and Splat systems do, not Gaia-embedded.

Anyone have any ideas?

0 Kudos
1 Reply
Admin
Admin

Re: Way to collect Remote Access user and duration information? RADIUS Accounting?

The RADIUS Accounting settings are for importing information for Identity Awareness.
Check Point does not export any information via RADIUS Accounting.
While you can use RADIUS to authenticate users, IPs are assigned by the gateway using the Office Mode subnet configured for the gateway.

Possibly these threads may provide some insight:
https://community.checkpoint.com/t5/Logging-and-Reporting/Timeline-report-for-concurrent-VPN-users/m...
https://community.checkpoint.com/t5/Logging-and-Reporting/Scheduled-report-for-VPN-users-usage/m-p/2...
0 Kudos