https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-AD-Query-not-applying-Identities-in-Rulebase/m-p/82626#M11380 <P>Hello,</P><P>I'm looking at an issue with Identity awareness AD Query. From looking at the CPview, pdpd &amp; pepd debug files I can see that identities are being gathered and stored on the gateway; PDP monitor has confirmed this. On the central management server, I am able to create access roles with the correct AD account set within &amp; add them to the rulebase. However when testing the rule, my traffic hits the cleanup rule and is skipping the AD rule I have set.&nbsp;</P><P>I am struggling to understand why this is happening as the gateway has knowledge of each AD user and associated IP address, as far as I can see all the required services are up. The gateway is also actively receiving events from multiple domain controllers.</P><P>Gateway is R80.20 Take 19 IAAS Azure</P><P>Management is R80.30&nbsp;</P><P>Is anybody able to point me in the right direction?</P> Tue, 21 Apr 2020 14:16:10 GMT AshleyM 2020-04-21T14:16:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-AD-Query-not-applying-Identities-in-Rulebase/m-p/82626#M11380 <P>Hello,</P><P>I'm looking at an issue with Identity awareness AD Query. From looking at the CPview, pdpd &amp; pepd debug files I can see that identities are being gathered and stored on the gateway; PDP monitor has confirmed this. On the central management server, I am able to create access roles with the correct AD account set within &amp; add them to the rulebase. However when testing the rule, my traffic hits the cleanup rule and is skipping the AD rule I have set.&nbsp;</P><P>I am struggling to understand why this is happening as the gateway has knowledge of each AD user and associated IP address, as far as I can see all the required services are up. The gateway is also actively receiving events from multiple domain controllers.</P><P>Gateway is R80.20 Take 19 IAAS Azure</P><P>Management is R80.30&nbsp;</P><P>Is anybody able to point me in the right direction?</P> Tue, 21 Apr 2020 14:16:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-AD-Query-not-applying-Identities-in-Rulebase/m-p/82626#M11380 AshleyM 2020-04-21T14:16:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-AD-Query-not-applying-Identities-in-Rulebase/m-p/82670#M11381 Have you verified the LDAP portion of the config is correct and working?<BR />This is needed to correctly associate users with their groups, and thus their access roles. Tue, 21 Apr 2020 18:40:01 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-AD-Query-not-applying-Identities-in-Rulebase/m-p/82670#M11381 PhoneBoy 2020-04-21T18:40:01Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-AD-Query-not-applying-Identities-in-Rulebase/m-p/82775#M11382 <P>Thanks for your response <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;, yes I believe it is all correct and working. The Account used is a domain administrator &amp; I can see the AD user information such as group membership is being pulled through, both when adding users to access roles on the management server &amp; when running a PDP monitor on the gateway.</P><P>It looks like all the required information is present on the gateway but just not being used.</P> Wed, 22 Apr 2020 14:19:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-AD-Query-not-applying-Identities-in-Rulebase/m-p/82775#M11382 AshleyM 2020-04-22T14:19:57Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-AD-Query-not-applying-Identities-in-Rulebase/m-p/82778#M11383 <P>Have you verified the pepd daemon is running?</P><P>Here a couple useful commands to test if pepd is doing its job</P><P><FONT color="#000000"><SPAN>#pep show stat</SPAN><FONT face="Calibri"> – shows basic status of PEP</FONT></FONT></P><P><FONT color="#000000"><FONT face="Calibri"><SPAN>#pep show pdp all</SPAN><SPAN> – shows status of PDPs</SPAN></FONT></FONT></P><P><FONT color="#000000"><FONT face="Calibri"><SPAN><SPAN>#pep show user query usr &lt;username&gt;</SPAN> – shows identity status of single user. Useful to confirm that the PEP has received identity data from PDP.</SPAN></FONT></FONT></P><P><FONT color="#000000"><FONT face="Calibri"><SPAN><SPAN>#pep show user query cid &lt;IP address&gt;</SPAN> – shows identity status of single IP address</SPAN></FONT></FONT></P><P><FONT color="#000000"><FONT face="Calibri"><SPAN>Dave</SPAN></FONT></FONT></P><P>&nbsp;</P><P>&nbsp;</P> Wed, 22 Apr 2020 14:31:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-AD-Query-not-applying-Identities-in-Rulebase/m-p/82778#M11383 David_C1 2020-04-22T14:31:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-AD-Query-not-applying-Identities-in-Rulebase/m-p/97349#M11384 <P>Hi,</P><P>&nbsp;</P><P>I went back over the LDAP configuration again &amp; found that the information in the LDAP account was correct. However when I took a look at the access roles in use I found they were pointing towards another LDAP account present on the management server, once I changed it to the new LDAP account I had created it started working. I'm now in the process of removing the obsolete LDAP accounts from the management server.</P><P>&nbsp;</P><P>Thanks all for your help.</P> Wed, 23 Sep 2020 11:46:08 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-AD-Query-not-applying-Identities-in-Rulebase/m-p/97349#M11384 AshleyM 2020-09-23T11:46:08Z