Hello CheckMates,
I have a customer who is using the SSL VPN (Mobile Access Blade) solution with Secure Workspace functionality for external 3rd-party vendor users (around 20K users). The customer is now asking for device binding with the user, to restrict access to designated users and avoid misuse of their data. (It is basically a bank with a loan application accessed by their 3rd-party loan distributors or retailers. They keep their data safe using Secure Workspace, but due to the flexibility of logging in from anywhere, users can log in from any machine and leak the data to competitors.)
Client machines are mostly Windows 7, 8, 10 desktops & laptops.
The customer is looking for user binding with MAC address to restrict access to allowed/designated machines only.
Regards,
Mahi
You could configure ESOD to ensure the machine people are connecting to meets some basic set of requirements.
I suppose that could include MAC address, but with 20k+ users, managing that could be a nightmare.
Mapping a specific user to a specific MAC would be an even bigger nightmare.
Another option would be to restrict access to the MAB portal to only come from specific IP addresses.
Can you explain how we can bind MAC or IP address? Is there a detailed document for ESOD configuration?
A simple Access Policy rule (in the firewall) should be able to limit access to the MAB portal from unauthorized IP addresses.
The MAC address is in the Windows registry (assuming these are Windows machines) and it would be somewhere under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318} (Depending on the adapter).
IP addresses are public IPs and not fixed, hence not applicable, and in ESOD we cannot apply more than 1 profile which has an OR condition applied on it.