NG AI Client Auth - Help

[Edison69]

We are using client auth for accessing the Internet the people that are authorized.

User1 can browse the Internet using User1 + Password1
User2 can browse the Internet using User2 + Password2
...

When the action of "client auth" applies, I understand that Checkpoint Firewall1/VPN1 AI running on Nokia IP350 gives permission to the IP adress of the machine that is requesting the service.

When configured in this way, the following is happening:

User1 can browse the Internet using User1 + Password1
User2 can browse the Internet using User1 + Password1
...
UserX can browse the Internet using User1 + Password1

Are there any way that Chekpoint blocks the second/thirth attempt to authenticate with the same User1 + Password1 made by other users in the local network ???

Do I have to use an extra product?


TIA


Edison

 

[robyone64]

Hi,
for the Client_Auth on checkpoint, you can only create a group for filtering.
I try to explain :
user1+password1 group user@alpha where alpha is a network.
user2+password2 group user@beta where beta is a network different fro the alpha network.

In this way group user@alpha can accept connection fron only the network defined and beta only fron network difend.
This is the only way that can permit the filter of the Client_auth under checkpoint.

Also, you can low the number of session for each client_auth, day and time of acceptance and time of during the authentication.

Sorry for my bad English!!!! Bye