topic Re: Why AD user account without access role object can access to Endpoint VPN? in Firewall and Security Management https://community.checkpoint.com/t5/Firewall-and-Security-Management/Why-AD-user-account-without-access-role-object-can-access-to/m-p/103646#M10119 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/47647">@Kirill</a>&nbsp;</P> <P>it's normal behaviour. Users are authenticated but has no rights to anything if no rule for this user exist.</P> <P>Authentication is possible for all user included here on the remote access community:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="Remote_access.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/9351i44ED47D79F84D775/image-size/medium?v=v2&amp;px=400" role="button" title="Remote_access.png" alt="Remote_access.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Wolfgang</P> Mon, 30 Nov 2020 06:57:36 GMT Wolfgang 2020-11-30T06:57:36Z Why AD user account without access role object can access to Endpoint VPN? https://community.checkpoint.com/t5/Firewall-and-Security-Management/Why-AD-user-account-without-access-role-object-can-access-to/m-p/103627#M10118 <P>Hello, I have enabled Identity Awareness blade and created allowing rule for Remote access VPN users.&nbsp;</P><P>I added some users in Access role object, and they have access to VPN, it's ok. But when i try to make authorization in Endpoint VPN with AD account which is not in the access role object it has access too, authorization is successful. How is it can be possible ?</P> Mon, 30 Nov 2020 03:55:00 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Why-AD-user-account-without-access-role-object-can-access-to/m-p/103627#M10118 Kirill 2020-11-30T03:55:00Z Re: Why AD user account without access role object can access to Endpoint VPN? https://community.checkpoint.com/t5/Firewall-and-Security-Management/Why-AD-user-account-without-access-role-object-can-access-to/m-p/103646#M10119 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/47647">@Kirill</a>&nbsp;</P> <P>it's normal behaviour. Users are authenticated but has no rights to anything if no rule for this user exist.</P> <P>Authentication is possible for all user included here on the remote access community:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="Remote_access.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/9351i44ED47D79F84D775/image-size/medium?v=v2&amp;px=400" role="button" title="Remote_access.png" alt="Remote_access.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Wolfgang</P> Mon, 30 Nov 2020 06:57:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Why-AD-user-account-without-access-role-object-can-access-to/m-p/103646#M10119 Wolfgang 2020-11-30T06:57:36Z