This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Wolfgang
Authority
Authority
‎2022-02-14 04:22 AM

identity logging of internet browsing

Hello CheckMates,

we had a use case getting reports for internet browsing with user identity.
Normally this is no problem, but we have the requirement to install nothing in the customers directory service (ActiveDirectory).
Meaning no Identity Collector, no TerminalServerIdentityAgent. We can do logins or requests to the ActiveDirectory but all has to be done via external software/processes.

AD-Query will work, but this will be not more supported and does not work with the newest domain controller versions.

I've a feeling maybe captive portal is a solution but does this work for 3000-5000 users?
Does captive portal support authentication with SingleSignOn via ActiveDirectory ?
Does captive portal support authentication for users of TerminalServer (CitrixVDI, Microsoft TerminalServer) environments ?
Does captive portal support authentication if the connection seen on the gateway coming from a proxy with X_forwarding_for-flag set ?

Any other ideas ?
Identity Collector running on a server not member of this ActiveDirectory ?

Wolfgang

0 Kudos
1 Reply
Alex-
Leader Leader
Leader
‎2022-02-14 01:45 PM

If I get your question right, you can not install IC on the AD but you could on another server.

It will work as long as you get a user member of Event Log Readers group and have connectivity to both AD and FW according to the relevant SK and the firewall can do the reverse lookup.

It's usually my preferred choice of deployment, as customers never give access to their AD but would give me a dedicated server on which I could manage the IC software which doesn't require a domain admin account.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events