This credential detection method enables
the firewall to check for a valid corporate username and the associated
password. The firewall determines if the username and password a
user submits matches the same user’s corporate username and password. To do this, the firewall must able to match credential submissions to valid corporate usernames
and passwords and verify that the username submitted maps to the IP
address of the logged in user. This mode is supported only with the
Windows-based User-ID agent, and requires that the User-ID agent is
installed on a read-only domain controller (RODC) and equipped with
the User-ID Credential Service
Add-on. To use this method, you must also enable User-ID
to map IP addresses to users
using any of the supported user mapping methods, including
Authentication Policy, Authentication Portal, and
GlobalProtect.™ See Prevent Credential
Phishing
for
details on each of the methods the firewall can use to check for
valid corporate credential submissions, and for steps to enable
phishing prevention. |