This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
smohammed
Explorer
‎2020-08-03 10:51 AM

Moving from workstations to Laptop on Domain

We have currently workstations in office. For remote work we use Laptop as a tool to do VPN and RDP to workstations. We want Laptops to be on domain rather than using to it to do RDP. 

now to have this feature working how should be the rules configured? currently to access servers rules are configured IP based. Now when Laptops will move to domain everytime user will do VPN it will have a new officemode IP. We dont have identity awareness blade enabled. 

I also have doubt that do we need additional server other than management server for Smart Endpoint?

Please help me

0 Kudos
Reply
1 Reply
PhoneBoy
Admin
Admin
‎2020-08-03 12:24 PM

SmartEndpoint isn't required here at all, but enabling Identity Awareness will definitely be a good idea.
You could actually create two different Access Roles here:

  1. One that is just specifies the relevant networks/hosts (optionally tie it to specific AD groups)
  2. Another that is Remote Access users 

Screen Shot 2020-08-03 at 12.22.01 PM.png

Make sure Remote Access is a valid identity source in the gateway/cluster object:  

Screen Shot 2020-08-03 at 12.23.21 PM.png

Note the reason I am suggesting an Access Role for the networks versus just using the network objects is because you generally can't mix regular network objects and access roles in the source/destination field of a rule.
Believe this limitation is removed in R80.40.

0 Kudos
Reply