Hi All
Forgive me if this has been asked before, I could not find any posts which answered this... currently have Identity Awareness configured and using NTLMv1. Planning to migrate to NTLMv2.
Version R80.40 181
Reviewed ...
Would like to confirm the steps for a platform already using IA.
After step ...
On the Security Management Server:
Connect to the command line.
Log in to the Expert mode.
Run:
adlogconfig a
Enter the number of this option:
Use NTLMv2
Enter the number of this option:
Exit and save
My concern is step (c). Do you need to disable / enable IA blade - then run back through the wizard to essentially reinstall IA?
Just need a little clarification.
Thanks in advance.
Shane
Pretty sure this is not required.
Thanks for the prompt response 🙂
How would you validate the change from the Check Point estate? If disabling and re-enabling/configuring the blade isn't necessary, can the instructions be updated?
I assume you can see the changes reflected in the adlogconfig output.
Indeed so, thank you. It also seems you can revert the setting by choosing option 21 again from adlogconfig a
[ ] Override configuration
[ ] Enable Adlog
[ ] Enable log for login or logoff
[ ] Use log original creation time
Association timeout : 0
Full Name Query Interval (days, 0=disabled) : 0
Full Name Fetch Hour : 0
Multi-user host Detection Threshold: 7
Revoked user timeout interval : 14400
[X] Enable Multi-User Host persistence DB
Multi-User Host persistence machine timeout (minutes): 2592000
Service Account Detection Threshold: 10
[ ] Automatically Exclude Service Accounts
[ ] Override default communication parameters
Query Within count : 0
Query Max returned objects in each iteration: 0
[X] Disable password expiration check
[X] Use NTLMv2 <===========you are correct!
[ ] Single User Assumption
[ ] Don't report machines
[X] LDAP groups update notifications
Notifications accumulation time : 10 (sec)
[X] Notify only user-related LDAP changes
[ ] Prefer IPv6 DC addresses
[1] WMI query Type
====================================================
1 - Override file
2 - AD Log feature
3 - Enable log for login or logoff
4 - Use log original creation time
5 - Association timeout
6 - Full Name Query Interval
7 - Full Name Fetch Hour
8 - Add Domain name
9 - Delete Domain
10 - Username
11 - Password
12 - Domain Controllers
13 - Change Multi-User detection threshold
14 - Change Revoked User timeout interval
15 - Multi-User Host Persistence DB
16 - Multi-User Host Persistence machine timeout
17 - Override Default Communication Parameters
18 - Query Within interval
19 - Max returned objects in each iteration
20 - Password expiration check
21 - Use NTLMv2
22 - Single User Assumption
23 - Change Service Account Detection Threshold
24 - Ignore Events From Different Domains
25 - Automatically Exclude Service Accounts
26 - Don't report machines
27 - Turn LDAP groups update on/off
28 - Notifications accumulation time
29 - Update only user-related LDAP changes
30 - Prefer IPv6 DC addresses
31 - WMI Query Type
32 - Exit without saving
33 - Exit and save
Please enter your choice: 33
- Saving configuration file '/opt/CPsuite-R81.10/fw1/conf/ad_log_override.C'
Note: you can run 'adlogconfig a -test domainName' in order to test connectivity
[Expert@r81mgmt:0]# adlogconfig
adlogconfig usage:
adlogconfig l [-test domainName] - if you are using Identity Logging
adlogconfig a [-test domainName] - if you are using AD Query (Identity Awareness)
I do suspect the steps to disable and re-enable the Identity Awareness blade are necessary though, and I expect we can only validate gateways are doing NTLMv2 in packet captures(?)
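On the packet-capture check raised in the last post, this is an added example and not part of the thread or of any Check Point tooling: it classifies a raw NTLMSSP AUTHENTICATE_MESSAGE as NTLMv1 or NTLMv2 from the NT response field, using the layout in MS-NLMP. It assumes the NTLMSSP blob has already been extracted from the capture; the function names and the sample messages are constructed for illustration.

```python
import struct

SIGNATURE = b"NTLMSSP\x00"
AUTHENTICATE = 3  # MessageType of AUTHENTICATE_MESSAGE (MS-NLMP)
HEADER_LEN = 64   # fixed fields up to and including NegotiateFlags


def _field(msg, pos):
    """Read a Len/MaxLen/BufferOffset descriptor and return the bytes it points to."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length]


def classify_ntlm_response(msg):
    """Return 'NTLMv1', 'NTLMv2' or 'unknown' for a raw AUTHENTICATE_MESSAGE."""
    if len(msg) < HEADER_LEN or not msg.startswith(SIGNATURE):
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != AUTHENTICATE:
        raise ValueError("not an AUTHENTICATE_MESSAGE")
    nt = _field(msg, 20)  # NtChallengeResponseFields descriptor sits at byte 20
    if len(nt) == 24:
        # 24 bytes: NTLMv1, with or without extended session security
        return "NTLMv1"
    if len(nt) > 24 and nt[16:18] == b"\x01\x01":
        # 16-byte NTProofStr, then a client challenge starting RespType=1, HiRespType=1
        return "NTLMv2"
    return "unknown"


def build_sample(nt_response):
    """Constructed input: minimal AUTHENTICATE_MESSAGE carrying only an NT response."""
    empty = struct.pack("<HHI", 0, 0, HEADER_LEN)
    nt_desc = struct.pack("<HHI", len(nt_response), len(nt_response), HEADER_LEN)
    header = SIGNATURE + struct.pack("<I", AUTHENTICATE)
    header += empty + nt_desc + empty * 4 + struct.pack("<I", 0)
    return header + nt_response


# Constructed samples (zeroed hashes, not taken from a real capture)
SAMPLE_V1 = bytes(24)
SAMPLE_V2 = bytes(16) + b"\x01\x01" + bytes(6) + bytes(8) + bytes(8) + bytes(4) + bytes(4)

if __name__ == "__main__":
    for name, resp in (("v1 sample", SAMPLE_V1), ("v2 sample", SAMPLE_V2)):
        print(name, "->", classify_ntlm_response(build_sample(resp)))
```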