MatthiasHoppe
Explorer

IA MUH agent does not pick up identities for all applications on AVD

We are using R81.20 on our MDS and all Gateways. We make intensive use of Identity Awareness, mostly together with Identity Agent, but in some cases also the MUH agent on Azure Virtual Desktop. Here we are handling an issue with the MUH agent.

We have a number of AVD-hosts, serving some hundreds of AVDs for our remote users. AVD availability is working fine, also fine is the automatic login to our Identity Awareness solution. Login is performed on one of our Firewalls and subsequently spread to all other Firewalls by using our Identity Broker solution. All this is working well.

The user on the AVD can use multiple clients to connect to applications, e.g. Browsers, Remote-Desktop. Access is visible in the FW-Logs with the user's identity.

Some users have the need to mount fileshares to their AVD. These users mount the fileshares by using the Windows File Explorer. They just enter into the File Explorer "\\hostname-of-fileshare\
On the Firewall there are rules configured allowing the user the correct access. All this is working perfectly well on individual workstations using the Identity Agent.
But on the AVD when trying this, we see the connection attempt in the FW-Log, but the "Source User" column is empty.

If the user tries the same thing in a Browser on the AVD ("https://hostname-of-fileshare:445"), we also see this connection in the FW-Log, but this time with a filled Source-User column.

It seems to be obvious that File Explorer on AVD is not working correctly together with the MUH Agent. And it is not only File Explorer. We also found the Command Prompt failing in the same way, e.g. when using ping.

Has anybody come across something like this and found a solution?

0 Kudos
1 Reply
PhoneBoy
Admin

Only TCP/UDP applications are supported with MUH.
This is listed in the limitations here: https://sc1.checkpoint.com/documents/Identity_Awareness_Clients_Admin_Guide/Content/Topics-IA-Client... 
That explains why ping (which uses ICMP) doesn't work.
Not sure what protocols File Explorer uses, but it explains why using it from a browser works.

0 Kudos
