Session Expiration-Captive Portal-Identity Awareness
Hello,
I have two 23500 R81.10 firewalls running in cluster mode. When I install a policy, the authentications of people who have verified themselves in Captive Portal drop. They have to log in again.
In addition, even though the session timeout period that I set on the gateway for Linux users who have to use Captive Portal does not expire, session times expire at irregular time intervals.
It is unfortunate that Linux distributions do not have Identity Agent and VPN Client.
Best wishes
Sukru Ozdemir
Labels: ClusterXL, Identity Awareness
As far as I know, authenticated users shouldn't disappear on a policy installation.
As an example, see: https://support.checkpoint.com/results/sk/sk79060
As such, I recommend a TAC case: https://help.checkpoint.com
On the more general subject of Linux users with Identity Awareness, they can be authenticated with Active Directory like Windows machines.
Which means you should be able to use Identity Collector or Kerberos to acquire the identities.
That assumes the Linux machines are tied into Active Directory, of course.
To the best of my knowledge there are no plans to implement a native VPN client or Identity Awareness client for Linux.
Requests for these items should be discussed with your local Check Point office.
I was thinking that I can solve it without opening a case so that users do not fall in policy installation, but it turns out that I will have to open a case.
Collecting from AD with collector is not always a good solution for Linux users. We are using Exchange Server in our local. When the person using the computer logs in to a different e-mail address other than his own via /owa, the information he receives from collector AD changes and I begin to see it as if the common mail account is using that computer.
Installing an agent on the client is the most guaranteed solution for me, but unfortunately there is no agent even though there are many users on the Linux side.
Thank you for your response
Best wishes
Sukru
Hi Sukru,
A workaround might be to schedule a cron job that enumerates the Netlogon share on a DC for example. Anything that will cause a login event to be created, really. You'd have to be mindful of password expiry and account lockouts though.
Thanks,
Ruan
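Added example, not part of Ruan's post and not Check Point tooling: one way to script the cron workaround above so that it stops retrying after repeated failures instead of hammering the DC with a stale credential. It assumes the Linux host already holds a Kerberos ticket (so no password is stored in the script); the DC hostname, state-file path and failure limit are placeholders.

```shell
#!/bin/sh
# Cron-driven logon "keepalive": list the NETLOGON share so the DC records
# fresh logon activity for this user/host.
# Assumptions (not from the thread): DC name, state file, MAX_FAILS, Kerberos use.
DC="${DC:-dc01.example.internal}"                    # placeholder DC hostname
STATE="${STATE:-${HOME:-/tmp}/.ia-keepalive.fails}"  # consecutive-failure counter
MAX_FAILS="${MAX_FAILS:-2}"   # keep well below the domain lockout threshold

# Print the number of consecutive failed attempts recorded so far.
fail_count() { [ -f "$STATE" ] && cat "$STATE" || echo 0; }

# Succeeds only while we are still under the failure limit.
may_attempt() { [ "$(fail_count)" -lt "$MAX_FAILS" ]; }

# Reset the counter on success, increment it on failure.
record_result() {
  if [ "$1" -eq 0 ]; then
    rm -f "$STATE"
  else
    n=$(( $(fail_count) + 1 ))
    echo "$n" > "$STATE"
  fi
}

# One share listing using the existing ticket cache.
# Returns 2 without contacting the DC when no valid ticket is present.
touch_netlogon() {
  klist -s || return 2
  # Samba releases before 4.15 use -k instead of --use-kerberos=required.
  smbclient "//$DC/NETLOGON" --use-kerberos=required -c 'ls' >/dev/null 2>&1
}

# $1 (optional): command to run instead of touch_netlogon, e.g. for a dry run.
# Returns 3 when paused; an admin must remove $STATE after fixing the account.
keepalive() {
  may_attempt || { echo "paused after $(fail_count) failures" >&2; return 3; }
  rc=0
  "${1:-touch_netlogon}" || rc=$?
  # A missing ticket (rc 2) sent nothing to the DC, so it is not counted.
  [ "$rc" -eq 2 ] || record_result "$rc"
  return "$rc"
}

# crontab entry (interval is an assumption; keep it shorter than the
# identity session timeout):
#   */30 * * * * /usr/local/bin/ia-keepalive.sh run
if [ "${1:-}" = "run" ]; then keepalive; fi
```

A paused job is also a useful alert source: the counter file only persists when the account's credentials have stopped working.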
Hello Ruan,
Thank you for the information.
Kind regards
Sukru
