This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hemps
Explorer
‎2022-12-13 07:12 AM

Office Mode MAC assignment

Hello,

We use a 3rd party for our DHCP assignment. It bases the leases on the MAC address.

 

We have noticed that Checkpoint is assigning a new MAC address on reboots and thus getting a new IP/lease assigned to it. This showed up when we ran out of IP's in our pool and saw a lot of machines had 2 or 3 leases.

We have our MAC address for DHCP allocation set to "Unique per machine".

I ran a test of being connected to the vpn and getting an IP, disconnected my connection and reconnected and had the same mac and got the same IP. I then rebooted my laptop and then I got a new mac and thus a new leased IP. Is this normal?

 

Is there a way of getting a more consistent MAC so a machine doesn't receive a new lease each time?

0 Kudos
4 Replies
Alex_Sazonov
Employee
Employee
‎2022-12-13 12:59 PM

Hi @Hemps 

Please check this discussion https://community.checkpoint.com/t5/Remote-Access-VPN/Office-Mode-Algorithm-behind-quot-Unique-per-m...

BR,

Alexander S.

0 Kudos
the_rock
Legend
Legend
‎2022-12-13 06:07 PM

Here is what it says about that option "unique per machine:...to me, the fact you got the same IP when reconnected sounds right. Upon reboot, it would make sense you got new MAC address, therefore, a new IP address as well. As far as more consistent MAC address, not sire if virtual IP might be an option there.

DHCP allocates IP addresses per MAC address. When VPN needs an Office Mode address, it creates a MAC address that represents the client and uses it in the address request. The MAC address can be unique per machine or per user. If it is unique per machine, then VPN ignores the user identity. If different users work from the same Remote Access client they are allocated the same IP address.

0 Kudos
NiladriSarkar
Explorer
‎2024-03-14 03:50 AM
In response to the_rock

Hello @the_rock, are we aware of the algorithm used to allocate this MAC address by Checkpoint when 'Unique per machine'                 enabled? I am using 87.50 and did not find 

"fixed_om_mac_address"="0000"  in the path HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\TRAC

For unique per user we know that it uses the first 12 characters of HASH value of the username. In the same way do we know the algorithm behind unique per machine ? thanks in advance 

0 Kudos
the_rock
Legend
Legend
‎2024-03-14 04:40 AM
In response to NiladriSarkar

I would confirm with TAC in that. I would not know, sorry mate.

Best,

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events