About MikeTewner

Thank you! ... View more

Nope, no Exchange - We're in Google GSuite for everything.  (Aside - I briefly got SAML auth working against GSuite, but got stuck with the absense of Groups. Went back to AD)     Anyways, when I had two portals, the client made me constantly choose which portal to connect to (They had 2 different hostnames). If I give them both the same hostname, will the client not ask me?   ... View more

Thank you, Mick!   1. I'm using LDAP auth to AD. All of my clients are Macs, joined to the domain. 2. My plan for using internal gateways is to match up threat alerts to users (by IP). I'm trying to do this WITHOUT requiring the user to enter credentials to use the local LAN. (With GP, I'm using Cookie Authentication, which helps out here)     1. "Agentless" User-ID using AD Event Logs - Couldn't get it to work on the first try, and moved to GP Internal Gateways. I'm not sure how much WMI Event Logs are going to help me when all of my clients are Mac (Joined to AD). Do you think it'll work? 2. I have Internal GP kinda' working. I think if I play with it for a bit longer, I can get it to work. 3. What are the other options you mentioned? What do you mean by " built in "user ID" on the PA?"  4. I'll look into the Captive Portal option.   ... View more

...And a Follow-Up question -  Am I able to have the _External_ connect to be connect-on-demand, but have the _internal_ connection be always on?   That is, our users connect to the VPN when they need to access something while outside of the office. When they're IN the office, I'd like them to be auto-connected to the Internal VPN (so I can use User-ID's in my policies)   ... View more