Wyl
Explorer

Access role is not working with Identity collector when network roaming

Hello guys,

I need some help with Identity Awareness. We are currently using R81.10 take 87 in a VSX environment.

I used Identity Collector as an identity source. This source is fine when we first authenticate to the AD.

But during working hours, users have to change to different IPs and have to do network roaming.

When the IP is changed for that user, security gateways do not have the updated IP information and the connections are being blocked without hitting the access role policy. Other vendors' firewalls are working fine with that kind of situation.

Is there anything I missed configuring? Do I need another identity source to work with that kind of situation?

Thanks

0 Kudos
4 Replies
PhoneBoy
Admin

We recommend acquiring the identity of the user as close as possible to the source.
In some cases, we recommend installing an Identity Agent.
This is required in the case of Multi-User hosts and highly recommended for users who roam.
See: https://support.checkpoint.com/results/sk/sk134312 

0 Kudos
JoSec
Collaborator

Be sure you add all of your DCs to the Identity Collector, which I assume you did since the initial IP is working as you indicated, but Identity Agent is the way to go IMHO, as PhoneBoy indicated.

0 Kudos
Wyl
Explorer

I am planning to use Identity Agents and Terminal Servers Agents. Does it work with the Identity Sharing feature, since Identity Agents can only connect to one VSX? Thanks for your advice.

0 Kudos
PhoneBoy
Admin

Yes, you can leverage Identity Sharing.
