MatthiasHoppe
Explorer

IA MUH agent does not pick up identities for all applications on AVD

We are using R81.20 on our MDS and all Gateways. We make intensive use of Identity Awareness, mostly together with Identity Agent, but in some cases also the MUH agent on Azure Virtual Desktop. Here we are handling an issue with the MUH agent.

We have a number of AVD-hosts, serving some hundreds of AVDs for our remote users. AVD availability is working fine, also fine is the automatic login to our Identity Awareness solution. Login is performed on one of our Firewalls and subsequently spread to all other Firewalls by using our Identity Broker solution. All this is working well.

The user on the AVD can use multiple clients to connect to applications, e.g. Browsers, Remote-Desktop. Access is visible in the FW-Logs with the user's identity.

Some users have the need to mount fileshares to their AVD. These users mount the fileshares by using the Windows File Explorer. They just enter into the File Explorer "\\hostname-of-fileshare\
On the Firewall there are rules configured allowing the user the correct access. All this is working perfectly well on individual workstations using the Identity Agent.
But on the AVD when trying this, we see the connection attempt in the FW-Log, but the "Source User" column is empty.

If the user tries the same thing in a Browser on the AVD ("https://hostname-of-fileshare:445"), we also see this connection in the FW-Log, but this time with a filled Source-User column.

It seems to be obvious that File Explorer on AVD is not working correctly together with the MUH Agent. And it is not only File Explorer. We also found the Command Prompt failing in the same way, e.g. when using ping.

Did anybody come across something like this and find a solution?

0 Kudos
2 Replies
PhoneBoy
Admin

Only TCP/UDP applications are supported with MUH.
This is listed in the limitations here: https://sc1.checkpoint.com/documents/Identity_Awareness_Clients_Admin_Guide/Content/Topics-IA-Client... 
That explains why ping (which uses ICMP) doesn't work.
Not sure what protocols File Explorer uses, but it explains why using from a browser works.

0 Kudos
HeikoAnkenbrand
Champion

To address the issue of the Identity Awareness (IA) Multi-User Host (MUH) agent not picking up identities for all applications on Azure Virtual Desktop (AVD), consider the following steps:

  1. Configuration Check: Ensure that the IA MUH agent is properly configured on the AVD. Double-check the settings to confirm they are set up to monitor the specific applications you are concerned about.

  2. Network Connectivity: Verify that there is stable network connectivity between the AVD and the Check Point gateway. Any disruptions could hinder the agent's ability to collect identities.

  3. Agent Version: Make sure the IA MUH agent is updated to the latest version. Older versions might not support all applications or could have bugs that are fixed in newer releases.

  4. Application Compatibility: Confirm that the applications you are trying to monitor are supported by the IA MUH agent. Some applications might not be compatible.

  5. Log Analysis: Review the logs on both the AVD and the Check Point gateway for any error messages or warnings that might provide clues about the issue.

  6. Policy Configuration: Check the security policies on the Check Point gateway to ensure they are configured to allow identity collection from the AVD.

  7. Resource Constraints: Assess if there are any resource limitations on the AVD that could be affecting the IA MUH agent's performance.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
