May 06
StoneGate Management Center 5.3 and StoneGate Firewall 5.3 allow Users and User Group elements to be used directly in the Source and Destination cells of Access, Inspection and NAT rules. The Firewall is now able to resolve the IP address for the users dynamically without authentication. IP addresses for Users are sent by the StoneGate User Agent, which is installed on any server that is in the same domain as the Active Directory Server.

User Agent

The agent sends IP information for all users that exist in the AD. Those IP addresses are then stored in the Firewall’s cache to optimize the performance of user matching. The cache is automatically updated within a few seconds after a user’s IP address changes, so the users’ IP information is always kept up to date in the firewall.

User rules

We recommend that Users and User Groups are used in the security policy mainly for allowing connections. For example, you can place a rule that gives access to a certain service or application at the beginning of the policy and have another rule that requires authentication later in the rulebase. This way you can simplify the life of end users. Users and User Groups may also turn out to be useful in environments where DHCP is used extensively, since they decrease the need to assign static IP addresses to end users.

Users and User Groups are also visible in the Logs, Statistics, Overviews and Reports, increasing user awareness to a new level throughout the application.
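A conceptual model of the rule ordering recommended above, as an added example that is not StoneGate code or part of the original post: a first-match policy in which a user-based allow rule precedes an authentication rule, evaluated against a cache of agent-reported user-to-IP mappings. The class names, rule names, group membership, addresses and the default "discard" action are constructed for illustration and do not reflect the product's API or rule semantics.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address


@dataclass
class UserIPCache:
    """Firewall-side cache of user-to-IP mappings reported by an agent (model)."""
    ip_to_user: dict = field(default_factory=dict)

    def update(self, user, ip):
        # Assumption: one current address per user, so a new report
        # (e.g. after a DHCP lease change) replaces the old mapping.
        for old_ip in [k for k, v in self.ip_to_user.items() if v == user]:
            del self.ip_to_user[old_ip]
        self.ip_to_user[ip_address(ip)] = user

    def lookup(self, ip):
        return self.ip_to_user.get(ip_address(ip))


@dataclass
class Rule:
    name: str
    service: str
    action: str              # "allow" or "require-auth"
    users: frozenset = None  # None means the Source cell matches any address


GROUPS = {"Finance": frozenset({"alice", "bob"})}  # constructed sample group

# User-based allow rule first, authentication rule later in the rulebase.
POLICY = [
    Rule("finance-app-by-user", "finance-app", "allow", GROUPS["Finance"]),
    Rule("finance-app-auth", "finance-app", "require-auth"),
]


def evaluate(rules, cache, src_ip, service):
    """First-match evaluation; returns (action, rule name, user for the log)."""
    user = cache.lookup(src_ip)
    for rule in rules:
        if rule.service != service:
            continue
        if rule.users is not None and user not in rule.users:
            continue  # source IP is not mapped to a user named in this rule
        return rule.action, rule.name, user
    return "discard", "default", user  # assumed default action for the model
```

A source address with no cached mapping never matches the user-based rule and falls through to the authentication rule, and the resolved user name returned with each decision is what would appear in the log entry.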

written by Tero Jantunen
