R77.10: Identity Awareness and Groups

I’m on the edge of this so unfortunately don’t know the details, but my buddy will bring me up on the details as it develops. I have a 1/2 blog created on the details and am trying to bring it up to date.

We are a huge AD/Identity Awareness/Captive Portal shop and so we obviously have been breaking it on many fronts. Specifically, it was SmartDashboard picker slow/timeouts, dogging down WAN lines with tons of AD traffic, and most importantly could not work with AD/LDAP groups, not supporting multiple LDAP AU per AD domain (sk92782), having to adjust priorities on hundreds of AU’s over hundreds of firewalls….I’m not sure of all the other issues.

Basically, it didn’t scale.

CP has been working on it for a year and last week huge a breakthrough. Many of the above issues were fixed in the patches they issued to us. Yeah, there are still problems but it is nice to see things finally working after a year of pushing a boulder uphill. These patches were hot from development so not sure they are up for GA yet.

Anyways if your IA is a leaking rowboat note that a fix is on the way and its not your problem. CP knows about it and is working the issue. But you will have to push hard to get to the right people so start pushing.

IA out!

dreez

 

 

 

 

Advertisements
Post a comment or leave a trackback: Trackback URL.

Comments

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.

%d bloggers like this: