Thursday, July 11, 2013

CheckPoint - Troubleshooting URLF blade and Identity Awareness

Here are some commands that I use to troubleshoot the integration between Identity Awareness and URL Filtering.

Adlog
[Expert@cpfirewall01:0]# adlog a dc

Domain controllers:
Domain Name             IP Address              Connection state                Events in the last hour
===============================================================================================
acme.net;   10.100.17.101;            has connection;                 16531
acme.net;   10.100.17.102;            has connection;                 12230
acme.net;   10.200.28.8;              has connection;                 1436
acme.net;   10.200.35.195;            has connection;                 640
acme.net;   10.200.36.71;             has connection;                 2758
acme.net;   10.200.39.76;             has connection;                 656
acme.net;   10.200.52.10;             has connection;                 1768

Ignored domain controllers on this gateway:
acme.net
        => 10.200.32.48
        => 10.200.34.18




To get information about the mapping of user ROSSIM and its groups/Access Roles:

pdp monitor user NAME

[Expert@cpfirewall01]# pdp monitor user ROSSIM

Session:  32ed126c
Session UUID:  {92E78609-1CDF-C9D2-9C53-944F1E008C2C}
Ip:  10.100.23.53
Users:
 ROSSIM {56f49911}
   Groups: All Users;ad_group_Internet_Enabled;ad_group_IE_ACME
   Roles: AnyUser;ACME_AD_Internet_Enabled;acme_DomainUsers
   Client Type: portal
   Authentication Method: User & Password
   Connect Time: Tue Mar 12 16:31:09 2013
   Next Reauthentication: Wed Mar 13 04:31:15 2013
   Next Connectivity Check: Wed Mar 13 04:31:15 2013

Packet Tagging Status:  Not Active
Published Gateways:  Local
************************************************************************************


pdp monitor ip IPADDRESS

To get information about a specific IP address and see which user is assigned to it:

[Expert@cpfirewall01]# pdp monitor ip 10.100.23.53

Session:  32ed126c
Session UUID:  {92E78609-1CDF-C9D2-9C53-944F1E008C2C}
Ip:  10.100.23.53
Machine:
 me21110ROSSIM@acme.net {0e5ca1ed}
   Groups: All Machines
   Roles: AnyUser
   Client Type: AD Query
   Authentication Method: Trust
   Connect Time: Tue Mar 12 16:37:03 2013
   Next Reauthentication: Tue Mar 12 17:22:38 2013
   Next Connectivity Check: Wed Mar 13 05:22:32 2013

Users:
 ROSSIM {56f49911}
   Groups: All Users;ad_group_Internet_Enabled;ad_group_IE_ACME
   Roles: AnyUser;ACME_AD_Internet_Enabled;acme_DomainUsers
   Client Type: portal
   Authentication Method: User & Password
   Connect Time: Tue Mar 12 16:31:09 2013
   Next Reauthentication: Wed Mar 13 04:31:15 2013
   Next Connectivity Check: Wed Mar 13 04:31:15 2013

 ROSSIM@acme.net {66b5612d}
   Groups: All Users;ad_group_Internet_Enabled;ad_group_IE_ACME
   Roles: AnyUser;ACME_AD_Internet_Enabled;acme_DomainUsers
   Client Type: AD Query
   Authentication Method: Trust
   Connect Time: Tue Mar 12 16:45:18 2013
   Next Reauthentication: Wed Mar 13 04:52:24 2013
   Next Connectivity Check: Wed Mar 13 05:22:32 2013

Packet Tagging Status:  Not Active
Published Gateways:  Local
************************************************************************************
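
When one IP carries several identities, as in the output above (a machine, a portal login and an AD Query login), it helps to check mechanically which sources feed the IP and whether every user identity holds the Access Role a rule expects. The following is an added example, not part of the original post: it parses saved `pdp monitor ip` output in the layout shown above. The function names are hypothetical, the sample is constructed from that layout, and the assumption that a URL Filtering rule references ACME_AD_Internet_Enabled is made only for illustration.

```python
import re

# Constructed sample, trimmed from the layout of the `pdp monitor ip` output above.
SAMPLE = """\
Session:  32ed126c
Ip:  10.100.23.53
Machine:
 me21110ROSSIM@acme.net {0e5ca1ed}
   Roles: AnyUser
   Client Type: AD Query
Users:
 ROSSIM {56f49911}
   Roles: AnyUser;ACME_AD_Internet_Enabled;acme_DomainUsers
   Client Type: portal
 ROSSIM@acme.net {66b5612d}
   Roles: AnyUser;ACME_AD_Internet_Enabled;acme_DomainUsers
   Client Type: AD Query
"""

IDENTITY = re.compile(r"^\s+(\S+)\s+\{([0-9a-f]+)\}\s*$")   # " ROSSIM {56f49911}"
ATTRIBUTE = re.compile(r"^\s+([^:]+):\s*(.*)$")             # "   Roles: a;b;c"

def parse_pdp_session(text):
    """Parse one session block into {'ip': str, 'identities': [dict, ...]}."""
    session, kind = {"ip": None, "identities": []}, None
    for line in text.splitlines():
        if line.startswith("Ip:"):
            session["ip"] = line.split(":", 1)[1].strip()
        elif line.strip() in ("Machine:", "Users:"):
            kind = "machine" if line.strip() == "Machine:" else "user"
        elif kind and (m := IDENTITY.match(line)):
            session["identities"].append({"kind": kind, "name": m[1], "id": m[2]})
        elif session["identities"] and (m := ATTRIBUTE.match(line)):
            is_list = m[1] in ("Groups", "Roles")   # semicolon-separated lists
            session["identities"][-1][m[1]] = m[2].split(";") if is_list else m[2].strip()
    return session

def users_missing_role(session, role):
    """User identities on this IP that do not carry the given Access Role."""
    return [i["name"] for i in session["identities"]
            if i["kind"] == "user" and role not in i.get("Roles", [])]

def identity_sources(session):
    """Distinct Client Type values (e.g. portal, AD Query) feeding this IP."""
    return sorted({i["Client Type"] for i in session["identities"] if "Client Type" in i})

if __name__ == "__main__":
    s = parse_pdp_session(SAMPLE)
    print(s["ip"], identity_sources(s), users_missing_role(s, "ACME_AD_Internet_Enabled"))
```
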


pdp control revoke_ip IPADDRESS

To remove the association between a user and an IP address:

[Expert@cpfirewall01]# pdp control revoke_ip 10.100.23.53
Revoke command was sent to server for ip 10.100.23.53
