Michalis89
Contributor

Identity Awareness using AD Security Group with Identity and Machine ID

Hi Checkmates,

I am using Check Point infrastructure and we want to implement Identity Awareness for the VPN access. The design is to use security groups created in Active Directory.

My concern is that we will use security groups that contain both the Identity of the user and the Machine ID of the user. The reason for this is that we want to use the same security group for the Identity Awareness on the Check Point Firewall and the Machine Authentication on Cisco ISE.

1) I want to ask you if Check Point can operate with security groups that contain both the Identity and the Machine ID (personal computer) of the user.

2) Do you know which is the first value that Check Point will inspect inside a security group (the Identity ID or the Machine ID)?

 

Thank you!!

Accepted Solutions
PhoneBoy
Admin

Depends on how you define the access role in question.
If the role requires both, then both will be used.
If the role requires only one or the other, only that one will be used.
Multiple access roles can apply to a given connection. 

Michalis89
Contributor

Thank you PhoneBoy for your immediate response. Inside the access role I am using the security group which contains both the Identity ID and the Machine ID. At the Firewall I only want to check the username of the user which is inside the security group and not the Machine ID.

From your answer I understood that this is going to happen without any problem.