Hi,
We have a requirement to use identity to allow certain connections. With desktops/laptops we will use the AD Event Log Scraper, but this wouldn't work reliably for multiple RDS sessions, as it is based on IP, and would allow other non-privileged users on that server to connect. Does using guest introspection improve this? As it's an agent and can see the user ID and the PIDs it's creating, netstat can then trace this back.
Thanks in advance
Identity firewall does not work if the destination is a terminal server or shared desktops where multiple users share an IP address. Identity firewall maps a user to an IP address. In RDS, apparently, there is no easy way to solve this problem right now.
Checkpoint FW has an agent which does this - maps a user to IP & port - and maybe Palo Alto too.