kadar2
Contributor

Identity Awareness question

Hello all,

I have a bunch of questions regarding Identity Awareness... I have not yet managed to find related information to answer all my concerns, so I would very much appreciate it if someone could shed some light on the matter or point me in the right direction (links, docs etc).

In our environment (R80.30) we use Identity Collectors instead of running AD Query to get user information and the like. As I understand it, this information is received and processed by the gateways for PDP/PEP. After capturing packets between the SMS and a domain controller, I saw that there was DCERPC communication between the two, in order for the SMS to get information from the DC's security logs. Why is this needed? Isn't the Identity Collector responsible for obtaining this info? Why is this also needed on the SMS? I was under the impression that the SMS only used LDAP/LDAPS to communicate with the domain controllers. Where do the other communications come into play?

Thank you in advance.

 

Konstantinos_In
Contributor

Hello kadar2


It is the functionality of identity logging on the management server. It uses AD Query from the management server in order to populate the logs with username information.

https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_IdentityAwareness_AdminGuide...

BR,
Kostas

kadar2
Contributor

So it's only related to logging... Any idea why DCERPC is needed?

G_W_Albrecht
Legend

Look into sk108235: Identity Collector - Technical Overview:

Identity Collector to Domain Controller | 135, and dynamically allocated ports | DCOM protocol, which makes extensive use of DCE/RPC.
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist