Identity Awareness - AD User Session
Dear all,
I'm facing a difficulty regarding Identity Awareness. We have configured the environment to display the captive portal when a machine outside the domain opens the browser and tries to access a website.
However, we have also configured it so that when a machine within the domain with an authenticated AD user opens the browser, Check Point should recognize this authentication and allow browsing.
The problem is that the same machine, on the first test, was within the domain and had an authenticated user, so browsing was automatically allowed as expected. But when testing the same machine by removing it from the domain and logging in with a local user, it still had the same permissions as in the previous test, as if the AD user session was stuck on the Check Point.
How can we make Check Point recognize that the user has logged out from a particular machine and when the local user tries to browse, display the captive portal for them?
Is there any configuration that associates the initially authenticated user with the machine?
@Bernardes Only login events are logged in Active Directory. There is a default timeout in Identity Awareness for how long a user-to-IP association will be active. If a new user logs in on the same host, a new user-to-IP association will be created. But if this is not a domain user, no one gets the information about who is logging in, because this is not a domain event.
The solution to identify local and domain users is the Identity Agent. But be aware, if you use local user "myuser01" on host A and local user "myuser01" on host B, they have the same name but they are not the same.
The only way to do that is by deploying one of the Identity Agents.
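The behaviour described in the first reply, as a toy model in Python (an added example, not part of the thread and not Check Point code). The class and function names, the 60-minute timeout and the event timeline are assumptions constructed for illustration; the thread does not state the actual default timeout.

```python
from dataclasses import dataclass

# Assumed value for illustration; the thread does not give the real default.
ASSOC_TIMEOUT_MIN = 60

@dataclass
class Association:
    user: str
    created_min: int

class IdentityTable:
    """Toy user-to-IP table that learns identities only from AD logon events."""
    def __init__(self, timeout_min=ASSOC_TIMEOUT_MIN):
        self.timeout_min = timeout_min
        self.by_ip = {}

    def on_ad_logon(self, now_min, ip, user):
        # A new domain logon from the same IP replaces the old association.
        self.by_ip[ip] = Association(user, now_min)

    def lookup(self, now_min, ip):
        assoc = self.by_ip.get(ip)
        if assoc and now_min - assoc.created_min >= self.timeout_min:
            del self.by_ip[ip]  # association timed out
            assoc = None
        return assoc.user if assoc else None

    def decision(self, now_min, ip):
        return "allow" if self.lookup(now_min, ip) else "captive_portal"

def replay(events, timeout_min=ASSOC_TIMEOUT_MIN):
    """Replay (minute, kind, ip, user) events; return the verdict per browse."""
    table, decisions = IdentityTable(timeout_min), []
    for minute, kind, ip, user in events:
        if kind == "ad_logon":
            table.on_ad_logon(minute, ip, user)
        elif kind == "browse":
            decisions.append((minute, user, table.decision(minute, ip)))
        # "logoff" and "local_logon" are not domain logon events: no update.
    return decisions

# Constructed timeline in minutes for one host (documentation-range IP).
EVENTS = [
    (0,  "ad_logon",    "192.0.2.10", "CORP\\alice"),
    (5,  "browse",      "192.0.2.10", "CORP\\alice"),
    (10, "logoff",      "192.0.2.10", "CORP\\alice"),
    (12, "local_logon", "192.0.2.10", "localadmin"),
    (15, "browse",      "192.0.2.10", "localadmin"),  # still mapped to alice
    (75, "browse",      "192.0.2.10", "localadmin"),  # association timed out
]
```

In this model the local user's request at minute 15 is still allowed under the earlier domain user's association, and the captive portal only appears once the association has timed out; an agent on the host reporting the local logon is what would close that window.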
