This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
lzl
Explorer
yesterday

Multiple Users in Source User Name

I have running Identity Awareness by using Identity Collector method to collect the info.

I had login a PC via multiple user. In log, the source username show both name.

 

Based on below article, it can solved by tick ""Assume that only one user...". but this is using AD Query method.

https://community.checkpoint.com/t5/Security-Gateways/Identity-Awareness-Multiple-Users-as-Source-Us...

 

so now i using Identity Collector, what setting i can change to solve this issue? 

 

 

0 Kudos
5 Replies
the_rock
Legend
Legend
yesterday

Is option I pointed to checked?

Andy

Preview file
46 KB
0 Kudos
emmap
Employee
Employee
yesterday

IDC as far as I know should already assume a single user per computer, per:

https://support.checkpoint.com/results/sk/sk105889

You can check the current state of that option on your gateway with: pdp conciliation idc_multiple_users stat

If it's already disabled but you're still seeing multiple users per machine, best raise a TAC case for investigation.

0 Kudos
the_rock
Legend
Legend
yesterday
In response to emmap

Never seen that sk, thank you for that!

Andy

0 Kudos
lzl
Explorer
yesterday
In response to emmap

Hi Emmap,

Thanks for sharing.

My setup requirement also is allow one user can login into a decvice at once. Just the PC will be use by multiple people. So the PC will login by multiple users. So in the "source name", i will see the username who had login to this PC. 

In identity collector, when select the IP related, i can see many username logged in the list. I try tick the "Ignore revoked user" to check it work or not. 

As i asking this is to confirm even though there have 2 username showed, but only the latest user will used by gateway when go through the rule right? because i have some issue (seem latest logged user can using previous user rights asboth users in different group ) when do the testing.

0 Kudos
emmap
Employee
Employee
yesterday
In response to lzl

You'll see in the traffic logs who the gateway is associating with which IP address. If there's only the one user there, then that's already ensuring that only the latest user to log in is associated with the IP address.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events