The FW Can not match User based Rule when users were changed IP in using GP internal Gateway.

KiCheonLee — Thu, 09 Nov 2017 05:06:03 GMT

My customer uses GP Internal Gateway with a non-Tunnel mode.

It means it uses just only user authentication and enforces user-based rules.

I am facing an issue .

A user was connected to GP Internal GW in office 1F and successed authentication.

The FW was updated A user has 192.168.1.1 from GP.

The user moves to 2F and changed IP from 192.168.1.1 to 192.168.2.1.

The user still reaches Internal GW but the FW still hold A user has 192.168.1.1 .

Therefore, The user can't be enforced by his user based rules.

Finally, the user's traffics were blocked by the latest rule as any any block.

I am expecting there would be two ways that could resolve the issue.

One, If GP Agent could update changed IP to the FW, this issue would be resolved.

But I am expecting that could not update because using non-tunnel mode.

Do you have another way of updating changed IP to the FW?

If you have, Please let me know.

Another way, If GP could disconnect when it senses ip changed, this issue would be also resolved.

Because users must do authentication again and the GP agent will update IP-User mapping information to the FW.

Do you have another way of disconnecting GP when PC is changed another IP?

If you have, Please let me know.

And do you have other ways else? please let me know.

It would make me helpful.

Thanks,

KC Lee

Re: The FW Can not match User based Rule when users were changed IP in using GP internal Gateway.

Mick_Ball — Thu, 09 Nov 2017 08:48:50 GMT

are you using AD for user mapping.

KiCheonLee — Fri, 10 Nov 2017 08:21:51 GMT

No, we are not using.

Mick_Ball — Fri, 10 Nov 2017 19:39:00 GMT

Do you have user id enabled on the required zones.

KiCheonLee — Tue, 21 Nov 2017 01:20:31 GMT

Yes, I have.