Troubleshooting Directory Connector With Login Monitor on Windows Server 2012 R2

When using Directory Connector, you also need to deploy a method for Active Directory to send user login events to the NGFW. The simplest method is to install the Login Monitor on each Active Directory server.

 

In many cases, that is all that needs to happen for everything to work smoothly. However, some settings in Active Directory, if not set properly, can prevent the Login Monitor from sending login events back to the NGFW.

 

Note: The following settings and related images are from Windows Server 2012 R2. These settings exist in other versions of Windows Server but may be found in slightly different locations.

 

Audit Kerberos Authentication Service

  1. Open Local Policy Editor. On Server 2012 this can be done in Server Manager > Tools.

  2. After Local Security Policy is open, expand Advanced Audit Policy Configuration > System Audit Policies - Local Group Policy Object > Account Logon.

  3. Double-click Audit Kerberos Authentication Service.

  4. Under the Policy tab, check the "Configure the following audit events" and "Success" check boxes.

 

Audit Logoff

  1. Open Local Policy Editor. On Server 2012 this can be done in Server Manager > Tools.

  2. After Local Security Policy is open, expand Advanced Audit Policy Configuration > System Audit Policies - Local Group Policy Object > Logon/Logoff.

  3. Double-click Audit Logoff.

  4. Under the Policy tab, check the "Configure the following audit events" and "Success" check boxes.

 

Audit Logon

  1. Open Local Policy Editor. On Server 2012 this can be done in Server Manager > Tools.

  2. After Local Security Policy is open, expand Advanced Audit Policy Configuration > System Audit Policies - Local Group Policy Object > Logon/Logoff.

  3. Double-click Audit Logon.

  4. Under the Policy tab, check the "Configure the following audit events" and "Success" check boxes.
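
To confirm that the three settings above actually took effect, the following PowerShell check reads the effective audit policy with auditpol and then looks for the matching Security log events. It is an added example, not part of the original article or the vendor's tooling; it assumes an elevated session on the Active Directory server, an English-locale Windows installation, and a 15-minute look-back window chosen for illustration.

```powershell
# Added example: run in an elevated PowerShell session on the Active Directory server.
# Subcategory names and setting strings below are the English-locale values.
$required = 'Kerberos Authentication Service', 'Logon', 'Logoff'

# auditpol /r prints the effective policy as CSV; drop blank lines before parsing.
$policy = foreach ($name in $required) {
    auditpol /get "/subcategory:$name" /r | Where-Object { $_ } | ConvertFrom-Csv
}

$report = foreach ($name in $required) {
    $row = $policy | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
    $setting = if ($row) { $row.'Inclusion Setting' } else { 'not reported' }
    [pscustomobject]@{
        Subcategory  = $name
        Setting      = $setting
        # "Success" and "Success and Failure" both satisfy the article's requirement.
        SuccessAudit = $setting -like 'Success*'
    }
}
$report | Format-Table -AutoSize

# Event IDs written by these subcategories on success:
# 4768 (Kerberos TGT requested), 4624 (logon), 4634 (logoff).
$since = (Get-Date).AddMinutes(-15)   # look-back window is an assumption
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4768, 4624, 4634; StartTime = $since
} -ErrorAction SilentlyContinue

$events | Group-Object Id | Sort-Object Name |
    Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count |
    Format-Table -AutoSize

if ($report.SuccessAudit -contains $false) {
    Write-Warning 'At least one required subcategory is not auditing Success events.'
}
if (-not $events) {
    Write-Warning 'No 4768/4624/4634 events in the last 15 minutes of the Security log.'
}
```

Because auditpol reports the effective policy, a subcategory that still shows "No Auditing" after the local change usually means a domain Group Policy Object is overriding the local setting.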

 
