This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
stich86
Employee
Employee
‎2021-01-09 10:56 AM
Jump to solution

Machine Authentication & Identity Awareness

Hi guys,

we are trying to enable machine authentication using AD machine enrollment, but we see two behaviours:

- the first one is the IP match with IA, after user logon on his laptop, we don't have the related event (that should be get from ADC), so all users rules based con Access Roles are not working

- the MA auth seems to work only with Legacy Login, this expose us to remove DynamicID from the authentication, so if some smart users change the type of login on the CP client can skip the 2FA 

Any hints on the two problems?

Thanks in advance!

0 Kudos
1 Solution

Accepted Solutions
stich86
Employee
Employee
‎2021-01-10 10:29 AM
Jump to solution

check this link: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

i think the problem is related to how the recoinciliation works. As i've understood the Remote VPN connector cannot be modified appending an ADQ.

Is it right? 

Thanks

View solution in original post

0 Kudos
10 Replies
Chris_Atkinson
Employee Employee
Employee
‎2021-01-10 02:35 AM
Jump to solution

To clarify your not seeing the AD/DC side security events for log-on & log-off vs un-lock is the auditing set correctly for the same?

 

Note these are the priorities of the different Identity Sources:
1. Remote Access (enabled by default)
2. Identity Agent, Terminal Servers Identity Agent
3. Captive Portal, Identity Collector, RADIUS Accounting, Identity Awareness API
4. AD Query

CCSM R77/R80/ELITE
0 Kudos
stich86
Employee
Employee
‎2021-01-10 10:29 AM
Jump to solution

check this link: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

i think the problem is related to how the recoinciliation works. As i've understood the Remote VPN connector cannot be modified appending an ADQ.

Is it right? 

Thanks

0 Kudos
henryck
Participant
‎2022-09-15 04:48 PM
In response to stich86
Jump to solution

Hi @stich86 

I am experiencing the same issue on R81.10 gateways.

Our machine certificate based remote access users are only being recognised by machine identity & not username.

Did you find out what causes this?

0 Kudos
Steffen_Appel
Advisor
‎2022-11-17 07:02 AM
In response to henryck
Jump to solution

We have the same problem actually.

0 Kudos
henryck
Participant
‎2022-11-17 01:14 PM
In response to Steffen_Appel
Jump to solution

Stitch86 was on the money, its due to reconciliation.

Our configuration was changed on the gateways in pdp_session_conciliation.c with help from TAC

0 Kudos
stich86
Employee
Employee
‎2022-11-17 10:52 PM
In response to henryck
Jump to solution

Sorry for late response!

i’m happy that you have solved the issue 🙂

0 Kudos
Steffen_Appel
Advisor
‎2022-11-17 11:35 PM
In response to henryck
Jump to solution

Can you tell me what you actually did and how it resolved the issue?

0 Kudos
stich86
Employee
Employee
‎2022-11-17 11:44 PM
In response to Steffen_Appel
Jump to solution

You should open a ticket to the TAC, so they can give you the change needed on PDP reconciliation 🙂

0 Kudos
Steffen_Appel
Advisor
‎2023-01-06 01:17 AM
In response to stich86
Jump to solution

TAC ticket is open but PDP change did not help.

0 Kudos
Steffen_Appel
Advisor
‎2023-01-10 02:18 AM
In response to henryck
Jump to solution

Just to make sure, you use the machine tunnel before and after logon?

Our supporter claims, that we have to turn the machine tunnel off after logon to get the user information correctly.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events