stich86
Contributor

Machine Authentication & Identity Awareness

Hi guys,

We are trying to enable machine authentication using AD machine enrollment, but we see two behaviours:

- The first one is the IP match with IA: after the user logs on to his laptop, we don't get the related event (which should be fetched from the AD DC), so all user rules based on Access Roles are not working.

- The MA auth seems to work only with Legacy Login; this forces us to remove DynamicID from the authentication, so if some smart users change the type of login on the CP client they can skip the 2FA.

Any hints on the two problems?

Thanks in advance!

2 Replies
Chris_Atkinson
Employee

To clarify: you're not seeing the AD/DC-side security events for log-on and log-off (vs. unlock)? Is the auditing set correctly for the same?

Note these are the priorities of the different Identity Sources:
1. Remote Access (enabled by default)
2. Identity Agent, Terminal Servers Identity Agent
3. Captive Portal, Identity Collector, RADIUS Accounting, Identity Awareness API
4. AD Query

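A quick way to answer the auditing question above, as an added example that is not part of the thread or of any Check Point tooling: run this on a domain controller to confirm that the Security log actually carries logon/logoff events. It assumes event IDs 4624 (successful logon) and 4634/4647 (logoff) are the ones of interest and that the "Logon/Logoff" audit category must be enabled for them to be written; it does not know which events a given identity source consumes.

```powershell
# Added example (not from the thread). Run on a domain controller as an
# administrator. Assumptions: 4624 = successful logon, 4634/4647 = logoff;
# these are only written when the Logon/Logoff audit category is enabled.

# 1. Show the effective audit policy for the Logon/Logoff category.
auditpol /get /category:"Logon/Logoff"

# 2. Count logon/logoff events written to the Security log in the last hour.
$since  = (Get-Date).AddHours(-1)
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4624, 4634, 4647
    StartTime = $since
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning "No logon/logoff events since $since - check the audit policy output above."
} else {
    # Per-ID counts: a healthy DC shows a steady stream of 4624 during working hours.
    $events | Group-Object Id | Select-Object Name, Count | Format-Table -AutoSize

    # Break out the newest 4624 events. LogonType 7 (unlock) is logged on the
    # workstation being unlocked, not on the DC, so it is not expected here;
    # what matters is that user logons from workstations show up with an IP.
    $events | Where-Object Id -eq 4624 | ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time        = $_.TimeCreated
            User        = $d['TargetUserName']
            LogonType   = $d['LogonType']
            Workstation = $d['WorkstationName']
            IpAddress   = $d['IpAddress']
        }
    } | Sort-Object Time -Descending | Select-Object -First 10 | Format-Table -AutoSize
}
```

If the audit policy shows "No Auditing" for Logon, or the second step returns nothing during normal working hours, the identity source has no event to map a user to an IP, which matches the symptom in the original post.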
stich86
Contributor

check this link: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

I think the problem is related to how the reconciliation works. As I've understood it, the Remote VPN connector cannot be modified by appending an ADQ.

Is that right?

Thanks
