Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Hrvoje_Brlek
Collaborator

MUH v2 - FAQ - advanced configuration?

Hi,

I am struggling to find any resource on how to do some advanced configuration for the MUHv2 agent for terminal servers.

Both sk164998 and sk66761 don't seem to exist any more.  And some advanced options, like the one on the pics below, don't seem to be explained in any of the available guides (IA admin guide or IA clients admin guide).

We are running VSX R81.10 (T110+), and are testing the MUHv2 agent on a Windows server, but would like to get some additional info - for example if it is possible for the agent to be simultaneously connected to two or more different gateways?

muhv2.JPG

 

0 Kudos
6 Replies
PhoneBoy
Admin
Admin

The screenshots are from the Identity Agent, not MUHv2.
In any case, I believe you can only connect it to one gateway (cluster).
However, once it is in one gateway, identities can be shared with others, possibly with Identity Broker (especially if gateways are in different management domains).

Hrvoje_Brlek
Collaborator

These are, indeed, screenshots from a MUHv2, you can see in the top left corner. It is true that after clicking on "Change Settings" every subsequent dialog box that appears has a title of "Check Point Identity Agent". That is the funny part, because none of the public available guides has a description of those advanced settings, in terms of using them for MUHv2 agents.

Nevertheless, it is possible to connect it to one gateway (cluster) only. I was exploring this option because we wanted to connect the MUHv2 agent to two gateways in different management domains (to avoid using Identity Broker). 

0 Kudos
the_rock
Legend
Legend

MUH, never an easy solution, takes me to R77 days lol. Honestly, I would contact TAC to hopefully do remote session and see if it can be fixed that way.

Pozdrav za Hrvatsku 🙂

Cao,

Andy

0 Kudos
Hrvoje_Brlek
Collaborator

Hvala @the_rock !

I will contact TAC to double-check, but it seems we will have to go with the use of Identity Broker in combination with MUHv2 and Identity Collector.

0 Kudos
the_rock
Legend
Legend

Man, good ol' identity agent, fun times when I worked with one client who had 90% of Mac machines : - )

Pozdrav!

Andy

0 Kudos
BookerE1
Explorer


@Hrvoje_Brlek wrote:

These are, indeed, screenshots from a MUHv2, you can see in the top left corner. It is true that after clicking on "Change Settings" every subsequent dialog box that appears has a title of "Check Point Identity Agent". That is the funny part, because none of the public available guides has a description of those advanced settings, in terms of using them for MUHv2 agents.

Nevertheless, it is possible to connect it to one gateway (cluster) only. I was exploring this option because we wanted to connect the MUHv2 agent to two gateways in different management domains (to avoid using Identity Broker). 


Hello, I found some possible solutions and resources that you can use to connect the MUHv2 agent to two gateways in different management domains. See below...

You can use the Identity Awareness MUH agent queries https://community.checkpoint.com/t5/Security/DogNeedsBest/Gateways/Identity-Awareness-MUH-agent-queries/td-p/135323  post from the Check Point CheckMates forum, where another user asked how to enable MUHv2 agent on terminal servers. You can find the answer from the Check Point Admin, who explained that a single PDP (Policy Decision Point) should not have more than 50 agents reporting to it and that you can have different MUHv2 agents reporting to different gateways that share identities.

I hope the solutions and resources that I found for your question. I hope this helps. 😊

 

Thanks,
Booker EVail

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events