Our organisation does not use 802.1x authentication in our environment. We have LAN and WiFi for our employees. We want to implement User-ID with PA with AD domains and the User-ID Agent. However, I could not find documentation on User-ID behaviour in the following scenario:
Our users have laptops and they use LAN when the laptops are docked into docking stations. But when a user removes a laptop from the docking station, he is immediately connected to WiFi and gets another IP. Again, when he comes back to his place he will be connected with LAN.
Is there any documentation on how such a situation is handled by User-ID and what the best practices are in such a scenario?
Thanks and Regards,
In this case, maybe you should have a look at deploying GP on all laptops and use GP on both external and internal gateways with transparent authentication.
Switching from wire to wifi auth is really fast.
The computer already has an IP and a mapping on your wireless network, but the binding order makes it so that they are using the ethernet connection instead of the wireless connection. The mapping will simply have two IP addresses listed for that user. For example, if my laptop is docked I'm mapped to, say, 10.*.*.*, but my wireless connection is listed as 172.16.*.*, then the firewall will show my User-ID mapping to both 10.191.16.17 and 172.16.1.2 at the same time. Once my laptop is undocked, I simply see the user's traffic move the source address to 172.16.1.2, but the mapping doesn't really change.
Thanks VinceM for your reply. So if I understand correctly, when the internal network is detected, GP will not initiate the VPN, right, but only send the IP-Username association to the FW?
Correct, internally, just use GP on the internal gateway for user authentication. No tunnel, just authentication.
And if you want to go further, you can, in the future, use HIP for giving access to dedicated resources :-)