There's still time left to test my Check Point 1140 before the Software Blade licenses expire. I'll be trying the Identity Awareness feature on this firewall.
The Application & URL Filtering Software Blade must be enabled to work in conjunction with Identity Awareness. Go to Access Policy tab > Blade Control > Application & URL Filtering > On > Apply.
To activate Identity (User) Awareness, either click Configure on User Awareness under Access Policy tab or go to Users & Objects > User Awareness > On. Click on the Configuration wizard.
Click Browser-Based Authentication (which is a Captive Portal authentication). This is the kind of portal commonly used for cafe and hotel Wi-Fi hotspot registration.
Tick Block unidentified users when the captive portal is not possible. This will redirect any user who wants to access the Internet to the captive portal to register first.
You can customize the captive portal by putting an Acceptable Use Policy (AUP) and uploading a company logo.
I've created local users (and a Group) for testing since an AD server isn't available in my lab.
You have the option to put the users in a User Group.
You'll see this error message in the web browser since we haven't yet accepted the firewall's self-signed certificate. A new self-signed cert is generated each time the firewall reboots. To avoid this scenario, a certificate issued by a Public Key Infrastructure (PKI) or a trusted third-party CA (e.g. Verisign, GoDaddy, etc.) should be used. Click
Tick I have read and agreed to the terms and conditions and click Next. Log in using the local users created in the firewall's database.
You'll see the created AUP disclaimer if you click on the terms and conditions hyperlink.
To verify logs, go to Logs & Monitoring > Security Logs and look for Identity Awareness logs under the Blade column.
I also tried the Identity Awareness/captive portal from my iPhone (logged in as Sophia).