Identity Awareness using AD Security Group with Identity and Machine ID
Hi Checkmates,
I am using Checkpoint Infrastructure and we want to implement Identity Awareness for the VPN access. The design is to use security groups created on Active Directory.
My concern is that we will use security groups that contain both the Identity of the user and the Machine ID of the user. The reason for this is that we want to use the same security group for the Identity Awareness on the Checkpoint Firewall and the Machine Authentication on Cisco ISE.
1) I want to ask you if Checkpoint can operate with security groups that contain both the Identity and the Machine ID (personal computer) of the user.
2) Do you know which is the first value that Checkpoint will inspect inside a security group (the Identity ID or the Machine ID)?
Thank you!!
Accepted Solutions
Depends on how you define the access role in question.
If the role requires both, then both will be used.
If the role requires only one or the other, only that one will be used.
Multiple access roles can apply to a given connection.
Thank you, Phoneboy, for your immediate response. Inside the access role I am using the security group which contains both the Identity ID and the Machine ID. At the Firewall I only want to check the username of the user which is inside the security group and not the Machine ID.
From your answer I understood that this is going to happen without any problem.