I haven't personally used Active Passports that extensively, but you may wish to take a look at the McAfee Logon Collector application - assuming you are running v8 of the Firewall product.
MLC can be downloaded using your grant number from the main McAfee web site and includes documentation. It basically provides a transparent link between your Firewall appliance and your Windows domain (identifying who is logged in where). But I do know that this method does include AD group membership details and will then allow you to create rules on the Firewall based on groups rather than just user credentials.
When you look at the Passport list for any user authenticated using MLC you should also see that the AD groups (as External Groups) are listed.
PhilM is correct; MLC is a good option for this as well, for authentication that is transparent to the user.
Please take a look at the following doc that may help. NTLM by itself does not allow the firewall to get the groups, but you can configure Smartfilter to get the groups so that different policies can be enforced based on the groups.
I used exactly that document, and got to the situation described above.
And got it working for groups but no transparent authentication.
I will try MLC and will report back on results.
If you have any tips for MLC usage, please share.
It turns out that McAfee Logon Collector cannot be installed on Windows Server 2012.
Does anyone know how to trick the installer into thinking I have Windows 2008 R2 instead of Windows 2012?