<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Browser-Based Authentication &#8211; Thegioifirewall</title>
	<atom:link href="https://thegioifirewall.com/tag/browser-based-authentication/feed/" rel="self" type="application/rss+xml" />
	<link>https://thegioifirewall.com</link>
	<description>Tường lửa bảo vệ doanh nghiệp, trung tâm thông tin và giá cả</description>
	<lastBuildDate>Fri, 24 Nov 2023 08:18:44 +0000</lastBuildDate>
	<language>vi</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>

<image>
	<url>https://thegioifirewall.com/wp-content/uploads/vacif_icon-150x150.png</url>
	<title>Browser-Based Authentication &#8211; Thegioifirewall</title>
	<link>https://thegioifirewall.com</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>CHECKPOINT FIREWALL R81.20: HƯỚNG DẪN CẤU HÌNH TÍNH NĂNG BROWSER-BASED AUTHENTICATION (CAPTIVE PORTAL) SỬ DỤNG USERS AD TRÊN CHECKPOINT FIREWALL.</title>
		<link>https://thegioifirewall.com/checkpoint-firewall-r81-20-huong-dan-cau-hinh-tinh-nang-browser-based-authentication-captive-portal-su-dung-users-ad-tren-checkpoint-firewall/</link>
					<comments>https://thegioifirewall.com/checkpoint-firewall-r81-20-huong-dan-cau-hinh-tinh-nang-browser-based-authentication-captive-portal-su-dung-users-ad-tren-checkpoint-firewall/#respond</comments>
		
		<dc:creator><![CDATA[John]]></dc:creator>
		<pubDate>Fri, 24 Nov 2023 08:18:44 +0000</pubDate>
				<category><![CDATA[Checkpoint Firewall]]></category>
		<category><![CDATA[Browser-Based Authentication]]></category>
		<category><![CDATA[Captive portal]]></category>
		<category><![CDATA[Checkpoint Firewall R81.20]]></category>
		<guid isPermaLink="false">https://thegioifirewall.com/?p=18346</guid>

					<description><![CDATA[Checkpoint Firewall là một giải pháp tường lửa (firewall) mạng và bảo mật mạng phát triển bởi Check Point Software Technologies, một trong những công ty hàng đầu trong lĩnh vực bảo mật mạng. Giải pháp này được thiết kế để bảo vệ các mạng doanh nghiệp và tổ chức khỏi các mối đe dọa [&#8230;]]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph">Checkpoint Firewall là một giải pháp tường lửa (firewall) mạng và bảo mật mạng phát triển bởi Check Point Software Technologies, một trong những công ty hàng đầu trong lĩnh vực bảo mật mạng. Giải pháp này được thiết kế để bảo vệ các mạng doanh nghiệp và tổ chức khỏi các mối đe dọa trực tuyến bằng cách kiểm soát và quản lý lưu lượng mạng.</p>



<p class="wp-block-paragraph"><strong>1.Sơ đồ mạng</strong></p>


<div class="wp-block-image">
<figure class="aligncenter"><img fetchpriority="high" decoding="async" width="654" height="429" src="https://thegioifirewall.com/wp-content/uploads/image-5650.png" alt="" class="wp-image-18183" srcset="https://thegioifirewall.com/wp-content/uploads/image-5650.png 654w, https://thegioifirewall.com/wp-content/uploads/image-5650-300x197.png 300w" sizes="(max-width: 654px) 100vw, 654px" /></figure>
</div>


<p class="wp-block-paragraph">Identity Awareness là một tính năng quan trọng trong Check Point Firewall, cho phép nhận biết và quản lý quyền truy cập mạng dựa trên thông tin về người dùng, nhóm người dùng, hoặc các đối tượng người dùng khác. Điều này cho phép tường lửa nhận dạng người dùng cụ thể hoặc nhóm người dùng và áp dụng các quy tắc bảo mật theo từng cá nhân hoặc nhóm.</p>



<p class="wp-block-paragraph">Bằng cách kết hợp thông tin từ nhiều nguồn như Active Directory, LDAP hoặc các hệ thống xác thực khác, Identity Awareness giúp tạo ra một hồ sơ chi tiết về người dùng và nhóm người dùng. Điều này cho phép quản trị viên xác định và kiểm soát quyền truy cập mạng, quản lý chính sách bảo mật dựa trên danh tính cụ thể của từng người dùng hoặc nhóm.</p>



<p class="wp-block-paragraph">Trong bài viết hôm nay mình sẽ hướng dẫn các bạn cấu hình tính năng Captive Portal, quản lý việc truy cập web dựa trên users được đồng bộ từ AD lên Checkpoint Firewall.</p>



<p class="wp-block-paragraph"><strong>2. Các bước cấu hình</strong></p>



<p class="wp-block-paragraph"><strong>Bước 1: Cấu hình bật tính năng Identity Awareness</strong></p>



<p class="wp-block-paragraph"><strong>Bước 2: Cấu hình tạo các policy dựa trên users</strong></p>



<p class="wp-block-paragraph"><strong>Bước 3: Kiểm tra cấu hình</strong></p>



<p class="wp-block-paragraph"><strong>Note:</strong> Trước đi đến phần hướng dẫn, bạn có thể tham khảo các bước đồng bộ users từ AD lên Checkpoint Firewall theo link sau: <a href="https://thegioifirewall.com/checkpoint-firewall-r81-20-huong-dan-cau-hinh-dong-bo-user-ad-len-checkpoint-firewall/"><strong>https://thegioifirewall.com/checkpoint-firewall-r81-20-huong-dan-cau-hinh-dong-bo-user-ad-len-checkpoint-firewall/</strong></a></p>



<p class="wp-block-paragraph"><strong>3. Hướng dẫn cấu hình.</strong></p>



<p class="wp-block-paragraph"><strong>Bước 1: Cấu hình bật tính năng Identity Awareness</strong>.</p>



<p class="wp-block-paragraph">Trên giao diện <strong>SmartConsole </strong>> Click chọn<strong> Edit.</strong></p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img decoding="async" width="975" height="470" src="https://thegioifirewall.com/wp-content/uploads/image-5741.png" alt="" class="wp-image-18349" style="aspect-ratio:2.074468085106383;width:656px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5741.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5741-300x145.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5741-768x370.png 768w" sizes="(max-width: 975px) 100vw, 975px" /></figure>
</div>


<p class="wp-block-paragraph">Trong <strong>General Properties</strong> > Click chọn <strong>Identity Awareness</strong>.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img decoding="async" width="975" height="698" src="https://thegioifirewall.com/wp-content/uploads/image-5742.png" alt="" class="wp-image-18351" style="aspect-ratio:1.3968481375358166;width:660px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5742.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5742-300x215.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5742-768x550.png 768w" sizes="(max-width: 975px) 100vw, 975px" /></figure>
</div>


<p class="wp-block-paragraph">Trong <strong>Identity Awareness Configuration</strong> >Click chọn <strong>Browser-Based Authentication.</strong> Click <strong>Next.</strong></p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="941" height="836" src="https://thegioifirewall.com/wp-content/uploads/image-5745.png" alt="" class="wp-image-18355" style="aspect-ratio:1.125598086124402;width:670px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5745.png 941w, https://thegioifirewall.com/wp-content/uploads/image-5745-300x267.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5745-768x682.png 768w" sizes="auto, (max-width: 941px) 100vw, 941px" /></figure>
</div>


<p class="wp-block-paragraph">Nếu bạn đã đồng bộ users trước đó, đến bước này bạn chỉ cần chọn <strong>&#8220;Connect&#8221;</strong> do các thông tin AD đã được lấy trước đó.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="945" height="528" src="https://thegioifirewall.com/wp-content/uploads/image-5746.png" alt="" class="wp-image-18358" style="aspect-ratio:1.7897727272727273;width:684px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5746.png 945w, https://thegioifirewall.com/wp-content/uploads/image-5746-300x168.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5746-768x429.png 768w" sizes="auto, (max-width: 945px) 100vw, 945px" /></figure>
</div>


<p class="wp-block-paragraph">Connect với AD thành công. Click <strong>Next.</strong></p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="942" height="578" src="https://thegioifirewall.com/wp-content/uploads/image-5747.png" alt="" class="wp-image-18360" style="aspect-ratio:1.6297577854671281;width:668px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5747.png 942w, https://thegioifirewall.com/wp-content/uploads/image-5747-300x184.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5747-768x471.png 768w" sizes="auto, (max-width: 942px) 100vw, 942px" /></figure>
</div>


<p class="wp-block-paragraph"><strong>Main URL: </strong>là địa chỉ interface IP mà users sẽ dùng để vào trang xác thực trước khi truy cập web. </p>



<p class="wp-block-paragraph">Click <strong>Next và Finish.</strong></p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="947" height="836" src="https://thegioifirewall.com/wp-content/uploads/image-5748.png" alt="" class="wp-image-18362" style="aspect-ratio:1.1327751196172249;width:662px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5748.png 947w, https://thegioifirewall.com/wp-content/uploads/image-5748-300x265.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5748-768x678.png 768w" sizes="auto, (max-width: 947px) 100vw, 947px" /></figure>
</div>

<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="945" height="841" src="https://thegioifirewall.com/wp-content/uploads/image-5749.png" alt="" class="wp-image-18365" style="aspect-ratio:1.1236623067776457;width:664px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5749.png 945w, https://thegioifirewall.com/wp-content/uploads/image-5749-300x267.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5749-768x683.png 768w" sizes="auto, (max-width: 945px) 100vw, 945px" /></figure>
</div>


<p class="wp-block-paragraph">Tính năng <strong>Identity Awareness </strong>đã được bật. Click <strong>Ok.</strong></p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="975" height="910" src="https://thegioifirewall.com/wp-content/uploads/image-5750.png" alt="" class="wp-image-18366" style="aspect-ratio:1.0714285714285714;width:680px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5750.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5750-300x280.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5750-768x717.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>


<p class="wp-block-paragraph">Cuối cùng click <strong>Publish > Install Policy.</strong></p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="975" height="473" src="https://thegioifirewall.com/wp-content/uploads/image-5751.png" alt="" class="wp-image-18367" style="aspect-ratio:2.061310782241015;width:672px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5751.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5751-300x146.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5751-768x373.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>

<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="975" height="616" src="https://thegioifirewall.com/wp-content/uploads/image-5752.png" alt="" class="wp-image-18368" style="aspect-ratio:1.5827922077922079;width:674px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5752.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5752-300x190.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5752-768x485.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>


<p class="wp-block-paragraph"><strong>Bước 2: Cấu hình tạo các policy dựa trên users</strong></p>



<p class="wp-block-paragraph">Đầu tiên bạn phải cấu hình policy cho lớp mang <strong>LAN accept service DNS.</strong></p>


<div class="wp-block-image">
<figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="975" height="282" src="https://thegioifirewall.com/wp-content/uploads/image-5753.png" alt="" class="wp-image-18372" srcset="https://thegioifirewall.com/wp-content/uploads/image-5753.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5753-300x87.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5753-768x222.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>


<p class="wp-block-paragraph">Tiếp theo bạn cấu hình policy bên dưới policy <strong>LAN Internet Access </strong>vừa tạo.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="736" height="524" src="https://thegioifirewall.com/wp-content/uploads/image-5754.png" alt="" class="wp-image-18373" style="aspect-ratio:1.4045801526717556;width:502px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5754.png 736w, https://thegioifirewall.com/wp-content/uploads/image-5754-300x214.png 300w" sizes="auto, (max-width: 736px) 100vw, 736px" /></figure>
</div>


<p class="wp-block-paragraph"><strong>Settings các thông số như sau:</strong></p>



<p class="wp-block-paragraph"><strong>Name:</strong>&nbsp;Đặt tên cho rule</p>



<p class="wp-block-paragraph"><strong>Source</strong>: Chọn các group user đã tạo</p>



<p class="wp-block-paragraph"><strong>Destination: </strong>chọn any</p>



<p class="wp-block-paragraph"><strong>VPN:</strong>&nbsp;Any</p>



<p class="wp-block-paragraph"><strong>Service &amp; Application: </strong>chọn service <strong>http/https</strong></p>



<p class="wp-block-paragraph"><strong>Action: Accept</strong>. Ở đây bạn chuột phải chọn <strong>More > click chọn &#8220;Enable Identity Captive Portal&#8221;</strong>.</p>



<p class="wp-block-paragraph"><strong>Track:</strong>&nbsp;chọn&nbsp;<strong>Log</strong></p>



<p class="wp-block-paragraph"><strong>Install On:</strong>&nbsp;chọn tên Hostname Checkpoint Firewall.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="975" height="359" src="https://thegioifirewall.com/wp-content/uploads/image-5755.png" alt="" class="wp-image-18374" srcset="https://thegioifirewall.com/wp-content/uploads/image-5755.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5755-300x110.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5755-768x283.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>

<div class="wp-block-image">
<figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="975" height="374" src="https://thegioifirewall.com/wp-content/uploads/image-5756.png" alt="" class="wp-image-18375" srcset="https://thegioifirewall.com/wp-content/uploads/image-5756.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5756-300x115.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5756-768x295.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>


<p class="wp-block-paragraph">Tiếp tục tạo <strong>New Rule. Ex: </strong>Policy <strong>block truy cập web youtube và facebook</strong> cho <strong>Group_Sale.</strong></p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="917" height="653" src="https://thegioifirewall.com/wp-content/uploads/image-5757.png" alt="" class="wp-image-18376" style="aspect-ratio:1.4042879019908117;width:514px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5757.png 917w, https://thegioifirewall.com/wp-content/uploads/image-5757-300x214.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5757-768x547.png 768w" sizes="auto, (max-width: 917px) 100vw, 917px" /></figure>
</div>


<p class="wp-block-paragraph"><strong>Settings các thông số như sau:</strong></p>



<p class="wp-block-paragraph"><strong>Name:</strong>&nbsp;Đặt tên cho rule</p>



<p class="wp-block-paragraph"><strong>Source</strong>: Chọn <strong>Group_Sale</strong></p>



<p class="wp-block-paragraph"><strong>Destination: </strong>chọn any</p>



<p class="wp-block-paragraph"><strong>VPN:</strong>&nbsp;Any</p>



<p class="wp-block-paragraph"><strong>Service &amp; Application: </strong>chọn <strong>facebook và youtube.</strong></p>



<p class="wp-block-paragraph"><strong>Action: Drop</strong></p>



<p class="wp-block-paragraph"><strong>Track:</strong>&nbsp;chọn&nbsp;<strong>Log</strong></p>



<p class="wp-block-paragraph"><strong>Install On:</strong>&nbsp;chọn tên Hostname Checkpoint Firewall.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="975" height="291" src="https://thegioifirewall.com/wp-content/uploads/image-5758.png" alt="" class="wp-image-18377" srcset="https://thegioifirewall.com/wp-content/uploads/image-5758.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5758-300x90.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5758-768x229.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>


<p class="wp-block-paragraph">Cuối cùng<strong> Publish > Install Policy.</strong></p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="975" height="393" src="https://thegioifirewall.com/wp-content/uploads/image-5759.png" alt="" class="wp-image-18378" style="aspect-ratio:2.480916030534351;width:600px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5759.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5759-300x121.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5759-768x310.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>

<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="975" height="615" src="https://thegioifirewall.com/wp-content/uploads/image-5760.png" alt="" class="wp-image-18379" style="aspect-ratio:1.5853658536585367;width:604px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5760.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5760-300x189.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5760-768x484.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>


<p class="wp-block-paragraph"><strong>Bước 3: Kiểm tra cấu hình.</strong></p>



<p class="wp-block-paragraph">Trên máy tính login với user<strong> &#8220;Kate&#8221; t</strong>huộc <strong>Group_Sale</strong>.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="559" height="440" src="https://thegioifirewall.com/wp-content/uploads/image-5761.png" alt="" class="wp-image-18380" srcset="https://thegioifirewall.com/wp-content/uploads/image-5761.png 559w, https://thegioifirewall.com/wp-content/uploads/image-5761-300x236.png 300w" sizes="auto, (max-width: 559px) 100vw, 559px" /></figure>
</div>


<p class="wp-block-paragraph"><strong>Ping 8.8.8.8 và google.com</strong> đều ok.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="975" height="508" src="https://thegioifirewall.com/wp-content/uploads/image-5762.png" alt="" class="wp-image-18381" style="aspect-ratio:1.919291338582677;width:652px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5762.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5762-300x156.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5762-768x400.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>


<p class="wp-block-paragraph">Nhưng không thể truy cập Internet.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="975" height="682" src="https://thegioifirewall.com/wp-content/uploads/image-5763.png" alt="" class="wp-image-18382" style="aspect-ratio:1.4296187683284458;width:626px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5763.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5763-300x210.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5763-768x537.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>


<p class="wp-block-paragraph">Để truy cập Internet cần xác thực user. Truy cập <strong>Main URL</strong> trong bước 1.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="975" height="411" src="https://thegioifirewall.com/wp-content/uploads/image-5764.png" alt="" class="wp-image-18383" style="aspect-ratio:2.372262773722628;width:642px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5764.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5764-300x126.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5764-768x324.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>


<p class="wp-block-paragraph">Nhập user và password. Click chọn <strong>Log In.</strong></p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="975" height="661" src="https://thegioifirewall.com/wp-content/uploads/image-5765.png" alt="" class="wp-image-18384" style="aspect-ratio:1.475037821482602;width:654px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5765.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5765-300x203.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5765-768x521.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>


<p class="wp-block-paragraph">Xác thực thành công.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="975" height="657" src="https://thegioifirewall.com/wp-content/uploads/image-5766.png" alt="" class="wp-image-18385" style="aspect-ratio:1.4840182648401827;width:668px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5766.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5766-300x202.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5766-768x518.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>


<p class="wp-block-paragraph">Check policy <strong>user &#8220;Kate&#8221;</strong> nằm trong<strong> Group_Sale</strong>, bị block truy cập<strong> Youtube và Facebook.</strong></p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="975" height="594" src="https://thegioifirewall.com/wp-content/uploads/image-5767.png" alt="" class="wp-image-18386" style="aspect-ratio:1.6414141414141414;width:686px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5767.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5767-300x183.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5767-768x468.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>

<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="975" height="640" src="https://thegioifirewall.com/wp-content/uploads/image-5768.png" alt="" class="wp-image-18387" style="aspect-ratio:1.5234375;width:690px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5768.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5768-300x197.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5768-768x504.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>


<p class="wp-block-paragraph">Các trang web còn lại vẫn truy cập bình thường.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="975" height="637" src="https://thegioifirewall.com/wp-content/uploads/image-5769.png" alt="" class="wp-image-18388" style="aspect-ratio:1.530612244897959;width:702px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5769.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5769-300x196.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5769-768x502.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>


<p class="wp-block-paragraph">Tiếp theo login bằng user <strong>&#8220;Mark&#8221; </strong>nằm trong <strong>Group_Marketing</strong>, không bị cấm truy cập Youtube và facebook.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="975" height="760" src="https://thegioifirewall.com/wp-content/uploads/image-5770.png" alt="" class="wp-image-18389" style="aspect-ratio:1.2828947368421053;width:690px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5770.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5770-300x234.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5770-768x599.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>


<p class="wp-block-paragraph">Tiếp tục xác thực user.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="975" height="667" src="https://thegioifirewall.com/wp-content/uploads/image-5771.png" alt="" class="wp-image-18390" style="aspect-ratio:1.461769115442279;width:706px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5771.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5771-300x205.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5771-768x525.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>

<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="975" height="600" src="https://thegioifirewall.com/wp-content/uploads/image-5772.png" alt="" class="wp-image-18391" style="aspect-ratio:1.625;width:708px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5772.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5772-300x185.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5772-768x473.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>


<p class="wp-block-paragraph">Truy cập facebook thành công.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="975" height="680" src="https://thegioifirewall.com/wp-content/uploads/image-5773.png" alt="" class="wp-image-18392" style="aspect-ratio:1.4338235294117647;width:718px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5773.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5773-300x209.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5773-768x536.png 768w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>


<p class="wp-block-paragraph">Kiểm tra log trên <strong>SmartConsole.</strong></p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="647" height="254" src="https://thegioifirewall.com/wp-content/uploads/image-5775.png" alt="" class="wp-image-18394" style="aspect-ratio:2.547244094488189;width:731px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5775.png 647w, https://thegioifirewall.com/wp-content/uploads/image-5775-300x118.png 300w" sizes="auto, (max-width: 647px) 100vw, 647px" /></figure>
</div>

<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="975" height="730" src="https://thegioifirewall.com/wp-content/uploads/image-5776.png" alt="" class="wp-image-18395" style="aspect-ratio:1.3356164383561644;width:740px;height:auto" srcset="https://thegioifirewall.com/wp-content/uploads/image-5776.png 975w, https://thegioifirewall.com/wp-content/uploads/image-5776-300x225.png 300w, https://thegioifirewall.com/wp-content/uploads/image-5776-768x575.png 768w, https://thegioifirewall.com/wp-content/uploads/image-5776-600x450.png 600w, https://thegioifirewall.com/wp-content/uploads/image-5776-400x300.png 400w" sizes="auto, (max-width: 975px) 100vw, 975px" /></figure>
</div>]]></content:encoded>
					
					<wfw:commentRss>https://thegioifirewall.com/checkpoint-firewall-r81-20-huong-dan-cau-hinh-tinh-nang-browser-based-authentication-captive-portal-su-dung-users-ad-tren-checkpoint-firewall/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Checkpoint Firewall: Hướng dẫn cấu hình đồng bộ User từ AD (Active Directory) lên Checkpoint Firewall.</title>
		<link>https://thegioifirewall.com/checkpoint-firewall-huong-dan-cau-hinh-dong-bo-user-tu-ad-active-directory-len-checkpoint-firewall/</link>
					<comments>https://thegioifirewall.com/checkpoint-firewall-huong-dan-cau-hinh-dong-bo-user-tu-ad-active-directory-len-checkpoint-firewall/#respond</comments>
		
		<dc:creator><![CDATA[John]]></dc:creator>
		<pubDate>Sat, 21 May 2022 04:34:07 +0000</pubDate>
				<category><![CDATA[Checkpoint Firewall]]></category>
		<category><![CDATA[Active Directory Queries Checkpoint]]></category>
		<category><![CDATA[Browser-Based Authentication]]></category>
		<guid isPermaLink="false">https://www.thegioifirewall.com/?p=15846</guid>

					<description><![CDATA[1.Overview. Với tính năng User Awareness bạn có thể cấu hình để xác định các nguồn nhằm lấy danh tính người dùng, cho mục đích ghi log và cấu hình. User Awareness sẽ giúp hiển thị log dựa trên người dùng thay vì dựa trên địa chỉ IP và thực thi kiểm soát truy cập [&#8230;]]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph">1<strong>.Overview.</strong></p>



<p class="wp-block-paragraph">Với tính năng <strong>User Awareness</strong> bạn có thể cấu hình để xác định các nguồn nhằm lấy danh tính người dùng, cho mục đích ghi log và cấu hình. <strong>User Awareness</strong> sẽ giúp hiển thị log dựa trên người dùng thay vì dựa trên địa chỉ IP và thực thi kiểm soát truy cập cho người dùng và nhóm người dùng.</p>



<p class="wp-block-paragraph">Để sử dụng <strong>User Awareness</strong> bạn phải cấu hình các phương pháp nhận dạng để lấy thông tin về người dùng và nhóm người dùng. Sau khi gateway có được danh tính của người dùng, các quy tắc dựa trên người dùng có thể được thực thi trên network traffic trong Access Policy.</p>



<p class="wp-block-paragraph"><strong>User Awareness</strong> có thể sử dụng các nguồn sau để xác định người dùng:</p>



<p class="wp-block-paragraph">+ <strong>Active Directory Queries: </strong>Truy vấn đến máy chủ AD (Active Directory) để lấy thông tin người dùng.</p>



<p class="wp-block-paragraph">+ <strong>Browser-Based Authentication: </strong>Sử dụng cổng thông tin để xác thực người dùng được xác định cục bộ hoặc như một bản sao lưu cho các phương pháp nhận dạng khác.</p>



<p class="wp-block-paragraph">2<strong>. Network Diagram</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="723" height="380" src="https://thegioifirewall.com/wp-content/uploads/image-4327.png" alt="" class="wp-image-15847" srcset="https://thegioifirewall.com/wp-content/uploads/image-4327.png 723w, https://thegioifirewall.com/wp-content/uploads/image-4327-300x158.png 300w" sizes="auto, (max-width: 723px) 100vw, 723px" /></figure></div>



<p class="wp-block-paragraph">Bài viết hôm nay sẽ hướng dẫn các bạn cấu hình đồng bộ user từ AD lên Checkpoint Firewall sử dụng user được đồng bộ để xác thực VPN Remote Access và cấu hình policy theo group user đã đồng bộ.</p>



<p class="wp-block-paragraph"><strong>3.Hướng dẫn cấu hình.</strong></p>



<p class="wp-block-paragraph"><strong>Bước 1: Cấu hình Active Directory Queries</strong>.</p>



<p class="wp-block-paragraph"><strong>Ví dụ:</strong> Trên AD Server có 3 group: <strong>Accounting, Sale và IT. </strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="722" height="328" src="https://thegioifirewall.com/wp-content/uploads/image-4331.png" alt="" class="wp-image-15851" srcset="https://thegioifirewall.com/wp-content/uploads/image-4331.png 722w, https://thegioifirewall.com/wp-content/uploads/image-4331-300x136.png 300w" sizes="auto, (max-width: 722px) 100vw, 722px" /></figure></div>



<p class="wp-block-paragraph">Mỗi group có 1 user là: <strong>John, Kane, Kevin.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="727" height="322" src="https://thegioifirewall.com/wp-content/uploads/image-4332.png" alt="" class="wp-image-15852" srcset="https://thegioifirewall.com/wp-content/uploads/image-4332.png 727w, https://thegioifirewall.com/wp-content/uploads/image-4332-300x133.png 300w" sizes="auto, (max-width: 727px) 100vw, 727px" /></figure></div>



<p class="wp-block-paragraph">Trên giao diện quản trị của <strong>Checkpoint > Access Policy > User Awareness > Blade Control.</strong></p>



<p class="wp-block-paragraph">Click chọn <strong>ON User Awareness > Click chọn Active Directory Queries > Configure&#8230;</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="624" height="231" src="https://thegioifirewall.com/wp-content/uploads/image-4328.png" alt="" class="wp-image-15848" srcset="https://thegioifirewall.com/wp-content/uploads/image-4328.png 624w, https://thegioifirewall.com/wp-content/uploads/image-4328-300x111.png 300w" sizes="auto, (max-width: 624px) 100vw, 624px" /></figure></div>



<p class="wp-block-paragraph">Trong <strong>Active Directory Queries</strong>, click chọn <strong>Define a new Active Directory</strong> và điền các thông số sau:</p>



<ul class="wp-block-list"><li><strong>Domain</strong>: Điền tên domain của AD</li><li><strong>IPv4 address</strong>: Điền địa chỉ IP của AD Server</li><li><strong>User name</strong>: Điền user domain (Nên đùng user admin domain)</li><li><strong>Password</strong>: Nhập password user</li><li><strong>User DN</strong>: Điền FQDN user (Ex: CN=Administrator,CN=Users,DC=vacif,DC=local).</li></ul>



<p class="wp-block-paragraph">Click chọn <strong>Discover</strong>, nếu không có thông báo lỗi nào là bạn đã queries thành công. Click <strong>Apply.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="480" height="445" src="https://thegioifirewall.com/wp-content/uploads/image-4329.png" alt="" class="wp-image-15849" srcset="https://thegioifirewall.com/wp-content/uploads/image-4329.png 480w, https://thegioifirewall.com/wp-content/uploads/image-4329-300x278.png 300w" sizes="auto, (max-width: 480px) 100vw, 480px" /></figure></div>



<p class="wp-block-paragraph">Khi bạn click chọn lại <strong>Configure</strong>, domain &#8220;<strong>vacif.local</strong>&#8221; sẽ xuất hiện trong bảng <strong>Use existing Active Directory</strong> servers.</p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="814" height="357" src="https://thegioifirewall.com/wp-content/uploads/image-4333.png" alt="" class="wp-image-15853" srcset="https://thegioifirewall.com/wp-content/uploads/image-4333.png 814w, https://thegioifirewall.com/wp-content/uploads/image-4333-300x132.png 300w, https://thegioifirewall.com/wp-content/uploads/image-4333-768x337.png 768w" sizes="auto, (max-width: 814px) 100vw, 814px" /></figure></div>



<p class="wp-block-paragraph">Tiếp theo bạn di chuyển xuống phần <strong>User &amp; Objects > User Management > Authentication Servers > Active Directory.</strong></p>



<p class="wp-block-paragraph">Click chọn <strong>&#8220;Permissions for Active Directory users&#8221;</strong>, trong <strong>Grant remote access permissions to</strong>: click chọn &#8220;<strong>Selected AD user group</strong>&#8221; để có thể sử dụng các user group đã được đồng bộ để xác thực VPN Remote Access. Click <strong>Apply.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="810" height="330" src="https://thegioifirewall.com/wp-content/uploads/image-4334.png" alt="" class="wp-image-15854" srcset="https://thegioifirewall.com/wp-content/uploads/image-4334.png 810w, https://thegioifirewall.com/wp-content/uploads/image-4334-300x122.png 300w, https://thegioifirewall.com/wp-content/uploads/image-4334-768x313.png 768w" sizes="auto, (max-width: 810px) 100vw, 810px" /></figure></div>



<p class="wp-block-paragraph"><strong>Bước 2: Add các User Group cho Remote Access Users.</strong></p>



<p class="wp-block-paragraph">Bạn di chuyển đến phần<strong> VPN > Remote Access > Remote Access Users > Edit Permissions > Active Directory.</strong></p>



<p class="wp-block-paragraph">Ở đây bạn sẽ thấy các User Group đã được đồng bộ từ AD.</p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="810" height="398" src="https://thegioifirewall.com/wp-content/uploads/image-4335.png" alt="" class="wp-image-15855" srcset="https://thegioifirewall.com/wp-content/uploads/image-4335.png 810w, https://thegioifirewall.com/wp-content/uploads/image-4335-300x147.png 300w, https://thegioifirewall.com/wp-content/uploads/image-4335-768x377.png 768w" sizes="auto, (max-width: 810px) 100vw, 810px" /></figure></div>



<p class="wp-block-paragraph">Bạn click chọn các User Group bạn muốn dùng để xác thực. Click <strong>Apply.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="555" height="498" src="https://thegioifirewall.com/wp-content/uploads/image-4336.png" alt="" class="wp-image-15856" srcset="https://thegioifirewall.com/wp-content/uploads/image-4336.png 555w, https://thegioifirewall.com/wp-content/uploads/image-4336-300x269.png 300w" sizes="auto, (max-width: 555px) 100vw, 555px" /></figure></div>



<p class="wp-block-paragraph">Như vậy bạn đã add thành công 3 Group: <strong>Accounting, Sales và IT.</strong></p>



<p class="wp-block-paragraph"><strong>Note: Bạn sẽ không thể chọn add 1 user cụ thể từ AD, bạn chỉ có thể chọn group có chứa user đó.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="624" height="267" src="https://thegioifirewall.com/wp-content/uploads/image-4337.png" alt="" class="wp-image-15857" srcset="https://thegioifirewall.com/wp-content/uploads/image-4337.png 624w, https://thegioifirewall.com/wp-content/uploads/image-4337-300x128.png 300w" sizes="auto, (max-width: 624px) 100vw, 624px" /></figure></div>



<p class="wp-block-paragraph"><strong>Bước 3: Kiểm tra xác thực VPN Remote Access sử dụng User Syn từ AD.</strong></p>



<p class="wp-block-paragraph">Bạn có thể tham khảo cấu hình<strong> VPN Remote Access</strong> sử dụng <strong>Checkpoint VPN Client</strong> qua bài viết sau: <a href="https://www.thegioifirewall.com/checkpoint-firewall-huong-dan-cau-hinh-vpn-remote-access-cho-users-su-dung-checkpoint-vpn-clients/">https://www.thegioifirewall.com/checkpoint-firewall-huong-dan-cau-hinh-vpn-remote-access-cho-users-su-dung-checkpoint-vpn-clients/</a></p>



<p class="wp-block-paragraph">Kiểm tra kết nối VPN user <strong>Kevin</strong> nằm trong <strong>Group Accounting</strong>: Kết nối thành công</p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="554" height="358" src="https://thegioifirewall.com/wp-content/uploads/image-4338.png" alt="" class="wp-image-15858" srcset="https://thegioifirewall.com/wp-content/uploads/image-4338.png 554w, https://thegioifirewall.com/wp-content/uploads/image-4338-300x194.png 300w" sizes="auto, (max-width: 554px) 100vw, 554px" /></figure></div>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="826" height="162" src="https://thegioifirewall.com/wp-content/uploads/image-4339.png" alt="" class="wp-image-15859" srcset="https://thegioifirewall.com/wp-content/uploads/image-4339.png 826w, https://thegioifirewall.com/wp-content/uploads/image-4339-300x59.png 300w, https://thegioifirewall.com/wp-content/uploads/image-4339-768x151.png 768w" sizes="auto, (max-width: 826px) 100vw, 826px" /></figure></div>



<p class="wp-block-paragraph"> Kiểm tra kết nối VPN user <strong>Kane </strong>nằm trong <strong>Group Sale</strong>: Kết nối thành công.</p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="571" height="372" src="https://thegioifirewall.com/wp-content/uploads/image-4340.png" alt="" class="wp-image-15860" srcset="https://thegioifirewall.com/wp-content/uploads/image-4340.png 571w, https://thegioifirewall.com/wp-content/uploads/image-4340-300x195.png 300w" sizes="auto, (max-width: 571px) 100vw, 571px" /></figure></div>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="825" height="165" src="https://thegioifirewall.com/wp-content/uploads/image-4341.png" alt="" class="wp-image-15861" srcset="https://thegioifirewall.com/wp-content/uploads/image-4341.png 825w, https://thegioifirewall.com/wp-content/uploads/image-4341-300x60.png 300w, https://thegioifirewall.com/wp-content/uploads/image-4341-768x154.png 768w" sizes="auto, (max-width: 825px) 100vw, 825px" /></figure></div>



<p class="wp-block-paragraph">  Kiểm tra kết nối VPN user <strong>John </strong>nằm trong <strong>Group Sale</strong>: Kết nối thành công. </p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="568" height="369" src="https://thegioifirewall.com/wp-content/uploads/image-4342.png" alt="" class="wp-image-15862" srcset="https://thegioifirewall.com/wp-content/uploads/image-4342.png 568w, https://thegioifirewall.com/wp-content/uploads/image-4342-300x195.png 300w" sizes="auto, (max-width: 568px) 100vw, 568px" /></figure></div>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="821" height="129" src="https://thegioifirewall.com/wp-content/uploads/image-4343.png" alt="" class="wp-image-15863" srcset="https://thegioifirewall.com/wp-content/uploads/image-4343.png 821w, https://thegioifirewall.com/wp-content/uploads/image-4343-300x47.png 300w, https://thegioifirewall.com/wp-content/uploads/image-4343-768x121.png 768w" sizes="auto, (max-width: 821px) 100vw, 821px" /></figure></div>



<p class="wp-block-paragraph">Bạn cũng có thể tạo Policy riêng cho group trong <strong>Access Policy > Firewall > Policy</strong> <strong>> New Policy.</strong></p>



<p class="wp-block-paragraph">Trong <strong>Source > Active Directory > chọn Group (Ex: Accounting)</strong>.</p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="723" height="382" src="https://thegioifirewall.com/wp-content/uploads/image-4344.png" alt="" class="wp-image-15864" srcset="https://thegioifirewall.com/wp-content/uploads/image-4344.png 723w, https://thegioifirewall.com/wp-content/uploads/image-4344-300x159.png 300w" sizes="auto, (max-width: 723px) 100vw, 723px" /></figure></div>
]]></content:encoded>
					
					<wfw:commentRss>https://thegioifirewall.com/checkpoint-firewall-huong-dan-cau-hinh-dong-bo-user-tu-ad-active-directory-len-checkpoint-firewall/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Checkpoint Firewall: Hướng dẫn cấu hình tính năng Browser-Based Authentication (Captive portal) xác thực người dùng truy cập Internet.</title>
		<link>https://thegioifirewall.com/checkpoint-firewall-huong-dan-cau-hinh-tinh-nang-browser-based-authentication-captive-portal-xac-thuc-nguoi-dung-truy-cap-internet/</link>
					<comments>https://thegioifirewall.com/checkpoint-firewall-huong-dan-cau-hinh-tinh-nang-browser-based-authentication-captive-portal-xac-thuc-nguoi-dung-truy-cap-internet/#respond</comments>
		
		<dc:creator><![CDATA[John]]></dc:creator>
		<pubDate>Sun, 15 May 2022 13:10:34 +0000</pubDate>
				<category><![CDATA[Checkpoint Firewall]]></category>
		<category><![CDATA[Browser-Based Authentication]]></category>
		<category><![CDATA[Browser-Based Authentication (Captive portal)]]></category>
		<category><![CDATA[Captive portal]]></category>
		<category><![CDATA[Checkpoint Browser-Based Authentication]]></category>
		<guid isPermaLink="false">https://www.thegioifirewall.com/?p=15656</guid>

					<description><![CDATA[1.Overview Với tính năng Browser-Based Authentication trên Checkpoint sử dụng giao diện web để xác thực người dùng trước khi họ có thể truy cập tài nguyên mạng hoặc Internet. Khi người dùng cố gắng truy cập một tài nguyên được bảo vệ, họ phải đăng nhập xác thực để tiếp tục truy cập. 2. [&#8230;]]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph"><strong>1.Overview</strong></p>



<p class="wp-block-paragraph">Với tính năng <strong>Browser-Based Authentication</strong> trên Checkpoint sử dụng giao diện web để xác thực người dùng trước khi họ có thể truy cập tài nguyên mạng hoặc Internet. Khi người dùng cố gắng truy cập một tài nguyên được bảo vệ, họ phải đăng nhập xác thực để tiếp tục truy cập.</p>



<p class="wp-block-paragraph"><strong>2. Network Diagram.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="876" height="347" src="https://thegioifirewall.com/wp-content/uploads/image-4239.png" alt="" class="wp-image-15657" srcset="https://thegioifirewall.com/wp-content/uploads/image-4239.png 876w, https://thegioifirewall.com/wp-content/uploads/image-4239-300x119.png 300w, https://thegioifirewall.com/wp-content/uploads/image-4239-768x304.png 768w" sizes="auto, (max-width: 876px) 100vw, 876px" /></figure></div>



<p class="wp-block-paragraph">Bài viết hôm nay sẽ hướng dẫn các bạn cấu hình tính năng <strong>Browser-Based Authentication</strong> trên Checkpoint Firewall để xác thực, cũng như tạo các policy theo người dùng trước khi truy cập Internet.</p>



<p class="wp-block-paragraph"><strong>3. Hướng dẫn cấu hình.</strong></p>



<p class="wp-block-paragraph"><strong>Bước 1: Cấu hình Browser-Based Authentication</strong>.</p>



<p class="wp-block-paragraph">Để enable tính năng <strong>Browser-Based Authentication</strong> trên giao diện quản trị của <strong>Checkpoint Firewall &gt; Access Policy &gt; User Awareness &gt; Blade Control &gt; Click chọn ON User Awareness. </strong></p>



<p class="wp-block-paragraph">Dưới phần<strong> Policy Configuration &gt;</strong> click chọn <strong>Browser-Based Authentication</strong> &gt; click <strong>Configure.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="624" height="252" src="https://thegioifirewall.com/wp-content/uploads/image-4240.png" alt="" class="wp-image-15658" srcset="https://thegioifirewall.com/wp-content/uploads/image-4240.png 624w, https://thegioifirewall.com/wp-content/uploads/image-4240-300x121.png 300w" sizes="auto, (max-width: 624px) 100vw, 624px" /></figure></div>



<p class="wp-block-paragraph">Trong <strong>Identification tab: </strong></p>



<p class="wp-block-paragraph">Bạn có thể chọn <strong>Block unauthenticated users when the captive portal is not applicable</strong> cho các user chưa được xác thực.</p>



<p class="wp-block-paragraph">S<strong>pecific destinations: </strong>Chọn <strong>Internet.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="533" height="270" src="https://thegioifirewall.com/wp-content/uploads/image-4241.png" alt="" class="wp-image-15659" srcset="https://thegioifirewall.com/wp-content/uploads/image-4241.png 533w, https://thegioifirewall.com/wp-content/uploads/image-4241-300x152.png 300w" sizes="auto, (max-width: 533px) 100vw, 533px" /></figure></div>



<p class="wp-block-paragraph">Chuyển qua <strong>Customization</strong>&nbsp;tab: Bạn có thể để mặc định, hoặc có thể dùng logo khác theo ý muốn bằng cách click chọn <strong>Upload.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="529" height="356" src="https://thegioifirewall.com/wp-content/uploads/image-4242.png" alt="" class="wp-image-15660" srcset="https://thegioifirewall.com/wp-content/uploads/image-4242.png 529w, https://thegioifirewall.com/wp-content/uploads/image-4242-300x202.png 300w" sizes="auto, (max-width: 529px) 100vw, 529px" /></figure></div>



<p class="wp-block-paragraph">Chuyển qua <strong>Advanced</strong>&nbsp;tab:</p>



<p class="wp-block-paragraph"><strong>Portal Address</strong>: Điền địa chỉ IP sẽ dùng để làm trang xác thực user.</p>



<p class="wp-block-paragraph"><strong>Session timeout</strong>: Cài đặt thời gian user có thể truy cập network hoặc Internet trước khi cần xác thực lại.</p>



<p class="wp-block-paragraph">Sau cùng click <strong>Apply.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="529" height="282" src="https://thegioifirewall.com/wp-content/uploads/image-4243.png" alt="" class="wp-image-15661" srcset="https://thegioifirewall.com/wp-content/uploads/image-4243.png 529w, https://thegioifirewall.com/wp-content/uploads/image-4243-300x160.png 300w" sizes="auto, (max-width: 529px) 100vw, 529px" /></figure></div>



<p class="wp-block-paragraph"><strong>Bước 2: Tạo Users.</strong></p>



<p class="wp-block-paragraph">Trong giao diện quản trị của <strong>Checkpoint Firewall &gt; User &amp; Objects &gt; User Awareness &gt;User &gt; New &gt; Local User.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="705" height="163" src="https://thegioifirewall.com/wp-content/uploads/image-4244.png" alt="" class="wp-image-15662" srcset="https://thegioifirewall.com/wp-content/uploads/image-4244.png 705w, https://thegioifirewall.com/wp-content/uploads/image-4244-300x69.png 300w" sizes="auto, (max-width: 705px) 100vw, 705px" /></figure></div>



<p class="wp-block-paragraph">Trong <strong>Remote Access</strong> tab: Điền các thông số như hình dưới. Click <strong>Apply.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="532" height="479" src="https://thegioifirewall.com/wp-content/uploads/image-4245.png" alt="" class="wp-image-15663" srcset="https://thegioifirewall.com/wp-content/uploads/image-4245.png 532w, https://thegioifirewall.com/wp-content/uploads/image-4245-300x270.png 300w" sizes="auto, (max-width: 532px) 100vw, 532px" /></figure></div>



<p class="wp-block-paragraph">Ở đây mình tạo 2 user là <strong>John</strong> và <strong>Steven.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="708" height="168" src="https://thegioifirewall.com/wp-content/uploads/image-4246.png" alt="" class="wp-image-15664" srcset="https://thegioifirewall.com/wp-content/uploads/image-4246.png 708w, https://thegioifirewall.com/wp-content/uploads/image-4246-300x71.png 300w" sizes="auto, (max-width: 708px) 100vw, 708px" /></figure></div>



<p class="wp-block-paragraph"><strong>Bước 3: Kiểm tra cấu hình</strong>.</p>



<p class="wp-block-paragraph">Bạn sử dụng máy tính trong mạng LAN của Checkpoint thử truy cập các trang web thì sẽ xuất hiện 1 trang web của Checkpoint yêu cầu xác thực thông tin người dùng trước khi được truy cập Internet.</p>



<p class="wp-block-paragraph">Bạn điền <strong>Username và Password</strong> của <strong>John</strong> đã tạo ở bước 2. Click <strong>Log In.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="601" height="394" src="https://thegioifirewall.com/wp-content/uploads/image-4247.png" alt="" class="wp-image-15665" srcset="https://thegioifirewall.com/wp-content/uploads/image-4247.png 601w, https://thegioifirewall.com/wp-content/uploads/image-4247-300x197.png 300w" sizes="auto, (max-width: 601px) 100vw, 601px" /></figure></div>



<p class="wp-block-paragraph">Click chọn &#8220;<strong>I have read and agreed to the terms and conditions</strong>&#8220;. Click <strong>Next.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="624" height="281" src="https://thegioifirewall.com/wp-content/uploads/image-4248.png" alt="" class="wp-image-15666" srcset="https://thegioifirewall.com/wp-content/uploads/image-4248.png 624w, https://thegioifirewall.com/wp-content/uploads/image-4248-300x135.png 300w" sizes="auto, (max-width: 624px) 100vw, 624px" /></figure></div>



<p class="wp-block-paragraph">Khi đã xác thực thành công bạn sẽ truy cập internet bình thường. Sẽ hiện thông báo thời gian bạn có thể truy cập Internet bình thường trước khi cần phải xác thực lại. </p>



<p class="wp-block-paragraph"><strong>Note: Bạn không được tắt trang xác thực này để duy trì việc truy cập Internet.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="593" height="418" src="https://thegioifirewall.com/wp-content/uploads/image-4249.png" alt="" class="wp-image-15667" srcset="https://thegioifirewall.com/wp-content/uploads/image-4249.png 593w, https://thegioifirewall.com/wp-content/uploads/image-4249-300x211.png 300w" sizes="auto, (max-width: 593px) 100vw, 593px" /></figure></div>



<p class="wp-block-paragraph"><strong>Bước 4: Tạo Policy xác thực theo User.</strong></p>



<p class="wp-block-paragraph">Tiếp theo mình sẽ tạo <strong>1 policy cấm truy cập facebook </strong>đối với user <strong>John.</strong></p>



<p class="wp-block-paragraph">Trên giao diện quản trị của <strong>Checkpoint Firewall &gt; User &amp; Objects &gt; Network Resources &gt;Network Object Groups &gt; New</strong>.</p>



<p class="wp-block-paragraph">Điền tên cho <strong>Network Object Groups</strong> <strong>(Ex: Block_FB_VN) &gt; New &gt; Type: Domain Name &gt; Domain: Facebook.com</strong>. Click <strong>Apply.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="873" height="321" src="https://thegioifirewall.com/wp-content/uploads/image-4250.png" alt="" class="wp-image-15668" srcset="https://thegioifirewall.com/wp-content/uploads/image-4250.png 873w, https://thegioifirewall.com/wp-content/uploads/image-4250-300x110.png 300w, https://thegioifirewall.com/wp-content/uploads/image-4250-768x282.png 768w" sizes="auto, (max-width: 873px) 100vw, 873px" /></figure></div>



<p class="wp-block-paragraph">Để tạo Policy bạn đi đến <strong>Access Policy &gt; Firewall &gt; Policy &gt; New &gt; On Top.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="715" height="182" src="https://thegioifirewall.com/wp-content/uploads/image-4251.png" alt="" class="wp-image-15669" srcset="https://thegioifirewall.com/wp-content/uploads/image-4251.png 715w, https://thegioifirewall.com/wp-content/uploads/image-4251-300x76.png 300w" sizes="auto, (max-width: 715px) 100vw, 715px" /></figure></div>



<p class="wp-block-paragraph">Trong phần <strong>Source: </strong>chọn <strong>User tab &gt; chọn John</strong>.</p>



<p class="wp-block-paragraph">D<strong>estination:</strong> chọn <strong>Network Object Groups</strong> <strong>(Ex: Block_FB_VN)</strong>.</p>



<p class="wp-block-paragraph"><strong>Action:</strong> chọn <strong>Block</strong>.</p>



<p class="wp-block-paragraph">Click <strong>Apply.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="691" height="370" src="https://thegioifirewall.com/wp-content/uploads/image-4252.png" alt="" class="wp-image-15670" srcset="https://thegioifirewall.com/wp-content/uploads/image-4252.png 691w, https://thegioifirewall.com/wp-content/uploads/image-4252-300x161.png 300w" sizes="auto, (max-width: 691px) 100vw, 691px" /></figure></div>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="624" height="278" src="https://thegioifirewall.com/wp-content/uploads/image-4253.png" alt="" class="wp-image-15671" srcset="https://thegioifirewall.com/wp-content/uploads/image-4253.png 624w, https://thegioifirewall.com/wp-content/uploads/image-4253-300x134.png 300w" sizes="auto, (max-width: 624px) 100vw, 624px" /></figure></div>



<p class="wp-block-paragraph">Đã tạo xong policy chặn truy cập facebook với user John.</p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="704" height="170" src="https://thegioifirewall.com/wp-content/uploads/image-4254.png" alt="" class="wp-image-15672" srcset="https://thegioifirewall.com/wp-content/uploads/image-4254.png 704w, https://thegioifirewall.com/wp-content/uploads/image-4254-300x72.png 300w" sizes="auto, (max-width: 704px) 100vw, 704px" /></figure></div>



<p class="wp-block-paragraph">K<strong>iểm tra:</strong> Xác thực với user John và thử truy cập facebook, kết quả là không thể truy cập được. Nhưng các trang web khác vẫn truy cập bình thường.</p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="533" height="283" src="https://thegioifirewall.com/wp-content/uploads/image-4255.png" alt="" class="wp-image-15673" srcset="https://thegioifirewall.com/wp-content/uploads/image-4255.png 533w, https://thegioifirewall.com/wp-content/uploads/image-4255-300x159.png 300w" sizes="auto, (max-width: 533px) 100vw, 533px" /></figure></div>



<p class="wp-block-paragraph">Kiểm tra Log trên Checkpoint Firewall. Các traffic user John đều bị <strong>Drop.</strong></p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="777" height="219" src="https://thegioifirewall.com/wp-content/uploads/image-4256.png" alt="" class="wp-image-15674" srcset="https://thegioifirewall.com/wp-content/uploads/image-4256.png 777w, https://thegioifirewall.com/wp-content/uploads/image-4256-300x85.png 300w, https://thegioifirewall.com/wp-content/uploads/image-4256-768x216.png 768w" sizes="auto, (max-width: 777px) 100vw, 777px" /></figure></div>



<p class="wp-block-paragraph">Tiếp tục <strong>Login bằng user Steven</strong> thì truy cập facebook bình thường.</p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="525" height="340" src="https://thegioifirewall.com/wp-content/uploads/image-4257.png" alt="" class="wp-image-15675" srcset="https://thegioifirewall.com/wp-content/uploads/image-4257.png 525w, https://thegioifirewall.com/wp-content/uploads/image-4257-300x194.png 300w" sizes="auto, (max-width: 525px) 100vw, 525px" /></figure></div>



<p class="wp-block-paragraph"> Kiểm tra Log trên Checkpoint Firewall. Log thể hiện user John đã log out và user Steven đã login thành công.</p>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="835" height="231" src="https://thegioifirewall.com/wp-content/uploads/image-4258.png" alt="" class="wp-image-15676" srcset="https://thegioifirewall.com/wp-content/uploads/image-4258.png 835w, https://thegioifirewall.com/wp-content/uploads/image-4258-300x83.png 300w, https://thegioifirewall.com/wp-content/uploads/image-4258-768x212.png 768w" sizes="auto, (max-width: 835px) 100vw, 835px" /></figure></div>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="691" height="345" src="https://thegioifirewall.com/wp-content/uploads/image-4259.png" alt="" class="wp-image-15677" srcset="https://thegioifirewall.com/wp-content/uploads/image-4259.png 691w, https://thegioifirewall.com/wp-content/uploads/image-4259-300x150.png 300w" sizes="auto, (max-width: 691px) 100vw, 691px" /></figure></div>



<div class="wp-block-image"><figure class="aligncenter size-full"><img loading="lazy" decoding="async" width="689" height="369" src="https://thegioifirewall.com/wp-content/uploads/image-4260.png" alt="" class="wp-image-15678" srcset="https://thegioifirewall.com/wp-content/uploads/image-4260.png 689w, https://thegioifirewall.com/wp-content/uploads/image-4260-300x161.png 300w" sizes="auto, (max-width: 689px) 100vw, 689px" /></figure></div>
]]></content:encoded>
					
					<wfw:commentRss>https://thegioifirewall.com/checkpoint-firewall-huong-dan-cau-hinh-tinh-nang-browser-based-authentication-captive-portal-xac-thuc-nguoi-dung-truy-cap-internet/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
