Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Bernardes
Advisor
Advisor

Identity Awareness - AD User Session

Dear all,


I'm facing a difficulty regarding Identity Awareness. We have configured the environment to display the captive portal when a machine outside the domain opens the browser and tries to access a website.

However, we have also configured it so that when a machine within the domain with an authenticated AD user opens the browser, Check Point should recognize this authentication and allow browsing.

The problem is that the same machine, on the first test, was within the domain and had an authenticated user, so browsing was automatically allowed as expected. But when testing the same machine by removing it from the domain and logging in with a local user, it still had the same permissions as in the previous test, as if the AD user session was stuck on the Check Point.

How can we make Check Point recognize that the user has logged out from a particular machine and when the local user tries to browse, display the captive portal for them?

Is there any configuration that associates the initially authenticated user with the machine?

0 Kudos
2 Replies
Wolfgang
Authority
Authority

@Bernardes only login events are logged in Active Directory, There is a default timeout with identity awareness how long a user to IP association will be active. If a new user does login on the  same host a new user to IP association will be created. But if this is not a domainuser no one get the information who is logging in, because this is no domain event.

The solution to identify local and domain users is the Identity Agent. But be aware, if you use local user „myuser01“ on host A and local user „myuser01“ on host B, they have the same name but they are not the same. 

0 Kudos
PhoneBoy
Admin
Admin

Only way to do that is by deploying one of the Identity Agents.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events