This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
gaa
Explorer
‎2019-04-09 06:09 PM

Way to collect Remote Access user and duration information? RADIUS Accounting?

We are using an MFA product layered on top of Windows NPS.   In the RADIUS Account records we can see our Cisco VPN sessions but CheckPoint VPNs don't show.   I asked CheckPoint support about this and was told that CP does not do RADIUS Accounting.   (If so, why are there settings for it?)

From what I can tell, it seems that CP will do RADIUS Accounting when it is needed by the RADIUS server to manage the IP address pool.

I looked at NPS and it seems that it won't return a single IP.   It will at best return a fixed subnet.

Who then picks the single IP from that subnet?

Can NPS be made to return a single address?

If not, and it returns a subnet, can CheckPoint pick one IP?

And if all that works, will CheckPoint then send RADIUS Accounting records?

My goal is to be able to get a list of all logins with user names, times and durations.

Barring RADIUS, does anyone else know how to get this information any other way?   I have tried exporting the CheckPoint logs to CSV and discovered that SMB devices do not seem to log this information.   Gaia and Splat systems do, not Gaia-embedded.

Anyone have any ideas?

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2019-04-10 06:41 PM

The RADIUS Accounting settings are for importing information for Identity Awareness.
Check Point does not export any information via RADIUS Accounting.
While you can use RADIUS to authenticate users, IPS are assigned by the gateway using the Office Mode subnet configured for the gateway.

Possible these threads may provide some insight:
https://community.checkpoint.com/t5/Logging-and-Reporting/Timeline-report-for-concurrent-VPN-users/m...
https://community.checkpoint.com/t5/Logging-and-Reporting/Scheduled-report-for-VPN-users-usage/m-p/2...
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events