Integrate McAfee Logon Collector with Forcepoint NGFW

Integrating Forcepoint NGFW with McAfee® Logon Collector provides transparent user identification for access control by user.

Note: McAfee Logon Collector is only supported in Forcepoint NGFW version 5.8 or later.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. In the Logon Collector installation, generate or export a certificate for communication with the Logon Collector.
    For complete instructions, see the McAfee Logon Collector Administration Guide.
  2. Save the certificate in a location that is accessible from the computer you use to run the Management Client.
  3. In the Management Client, create a McAfee Logon Collector element.
    1. Select Configuration.
    2. Browse to Other Elements > Engine Properties > User Identification Services.
    3. Right-click User Identification Services, then select New > McAfee Logon Collector.
    4. In the Name field, enter a unique name for the McAfee Logon Collector element.
    5. In the IP Address field, enter the IPv4 address of the primary McAfee Logon Collector server.
    Note: The Port field contains the port number for communication between the Forcepoint NGFW and the server. Do not change the port setting unless you must use another port number.
  4. (Optional) Complete the following fields in the High Availability section to configure the contact information for connections to a secondary Logon Collector server.
    IP Address: The IPv4 address of the secondary Logon Collector server.
    Port: The port number for communication between Forcepoint NGFW and the Logon Collector server.
    Note: The default port number is 61613. Use the default port number unless you must use a different port number.
  5. Import the certificate for communication with the Logon Collector.
    1. On the Certificate tab, click Import.
    2. Select the certificate and click Open.
  6. Click OK.
    The Logon Collector element is created.
  7. Select a Logon Collector element for NGFW Engines.
    1. Select Configuration.
    2. Right-click an engine, then select Edit <element type>.
    3. Browse to Add-Ons > User Identification.
    4. In the User Identification Service list, select a Logon Collector.
      If the Logon Collector that you want to use is not listed, select Select, then select a Logon Collector.
    5. Click Save and Refresh.
  8. Export an SMC certificate for communication with the Logon Collector.
    1. Select Configuration, then browse to Administration.
    2. Browse to Other Elements > Internal Certificate Authorities.
    3. Right-click the internal certificate authority, then select Properties.
    4. On the Certificate tab, click Export.
    5. Save the certificate.
    6. Click Cancel to close the properties of the internal certificate authority.
    7. Import the certificate on the Logon Collector server.
      For complete instructions, see the McAfee Logon Collector Administration Guide.

Logon Collector Properties dialog box

Use this dialog box to define the properties of a Logon Collector.

General tab

Name: Specifies the unique name of the element.
IP Address: Specifies the server IP address.
Resolve: Resolves the IP address of the host automatically.
Location: A Location is needed if NAT is applied between an engine and the computer on which the Logon Collector is installed.
Contact addresses: A Contact Address is needed if NAT is applied between a Firewall or Management Server and the Logon Collector.
  • Default: Used by default whenever a component that belongs to another Location connects to the Logon Collector.
  • Exceptions: Opens the Exceptions dialog box.
Port (Optional): The port on which the Logon Collector communicates with the engine. If you change the port from the default, you must configure the same port in the Logon Collector Properties on the Windows system. You must also change the rule that allows communication between the engine and the Logon Collector.
Cache Expiration: Set the length of time before the cache expires.
High Availability:
  IP Address: Enter the IP address for connections to a secondary Logon Collector server.
  Port (Optional): Enter the port number for connections to a secondary Logon Collector server.
Category: Includes the Logon Collector in predefined categories.
  Select: Opens the Category Selection dialog box.
Tools Profile: Adds custom commands to the Logon Collector right-click menu.
  Select: Opens the Select Element dialog box.
Comment: An optional comment for your own reference.

Certificate tab

Certificate: Shows the name of the selected certificate.
Import: Opens a file browser to import a certificate file.
Export: Opens a file browser to export a certificate file.

NAT tab

Firewall: Shows the selected firewall.
NAT Type: Shows the NAT translation type: Static or Dynamic.
Private IP Address: Shows the Private IP Address.
Public IP Address: Shows the defined Public IP Address.
Port Filter: Shows the selected Port Filters.
Comment: An optional comment for your own reference.
Add NAT Definition: Opens the NAT Definition Properties dialog box.
Edit NAT Definition: Opens the NAT Definition Properties dialog box for the selected definition.
Remove NAT Definition: Removes the selected NAT definition from the list.

Internal Certificate Authority Properties dialog box

Use this dialog box to view the details of an Internal Certificate Authority element or to export the certificate of an internal certificate authority.

General tab

Name: The name of the element.
Subject Name: The identifier of the certified entity.
Public Key Algorithm: The algorithm used for the public key.
Key Length: The length of the key in bits.
Serial Number: The sequence number of the certificate. The number is issued by the CA.
Signature Algorithm: The signature algorithm that was used to sign the certificate.
Signed By: The CA that signed the certificate.
SubjectAltName: The subject alternative name fields of the certificate.
Valid From: The start date of certificate validity.
Valid To: The end date of certificate validity.
Fingerprint (SHA-1): The certificate fingerprint using the SHA-1 algorithm.
Fingerprint (SHA-512): The certificate fingerprint using the SHA-512 algorithm.
Status: The status of the internal certificate authority.

Certificate tab

Export: Click Export to export the certificate of the internal certificate authority.
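After exporting the SMC certificate in step 8, and before importing it on the Logon Collector server, the Fingerprint (SHA-1) and Fingerprint (SHA-512) values in the Internal Certificate Authority Properties dialog let you confirm that the file that arrived on the Windows system is the one you exported. The helper below is an added example, not Forcepoint or McAfee code: it computes the fingerprints of a PEM or DER certificate file with the standard library only and compares them with a value copied from the dialog. The sample certificate bytes are constructed and are not a real certificate.

```python
"""Offline check of an exported certificate file against the SHA-1 / SHA-512
fingerprints shown in the Internal Certificate Authority Properties dialog.
Added example, not Forcepoint or McAfee code. Standard library only."""
import base64
import hashlib
import hmac
import re

_PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def load_der(data: bytes) -> bytes:
    """Return the DER bytes of the first certificate in PEM or DER input.
    Fingerprints are always computed over the DER encoding."""
    match = _PEM_BLOCK.search(data)
    if match:
        return base64.b64decode(b"".join(match.group(1).split()))
    return data  # no PEM armor: assume the file is already DER


def fingerprint(der: bytes, algorithm: str) -> str:
    """Colon-separated upper-case hex digest, the layout the dialog uses."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Drop colons, spaces and case so a value pasted from the dialog or from
    another tool compares reliably."""
    return re.sub(r"[^0-9a-fA-F]", "", fp).upper()


def matches(data: bytes, expected: str, algorithm: str = "sha512") -> bool:
    """True when the file's fingerprint equals the expected value.
    Prefer SHA-512 over SHA-1 when the dialog shows both."""
    actual = normalize(fingerprint(load_der(data), algorithm))
    return hmac.compare_digest(actual, normalize(expected))


# Constructed sample input: NOT a real certificate, just bytes wrapped in PEM
# armor so the helpers can be exercised offline.
SAMPLE_DER = b"constructed placeholder certificate bytes for this example"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print("SHA-512:", fingerprint(load_der(SAMPLE_PEM), "sha512"))
```

To check a real export, read the file in binary mode and pass its contents together with the value copied from the dialog to matches().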