https://community.checkpoint.com/t5/Firewall-and-Security-Management/active-directory-users-are-not-logged-or-honored-in-policy-r80/m-p/48066#M12919 <P>i've setup a domain, i've enabled identity awerness</P><P>i've created an access rule, which based on a group that's containing the users</P><P>i've created a policy saying they can go to the internet, but when i try to access the web, the gaia is ignoring the users, and simply blocks the communication in a standard deny policy with no reference to source user, just ip (ip is not permitted to access, only ad users)</P> Thu, 21 Mar 2019 07:42:50 GMT lior_me1 2019-03-21T07:42:50Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/active-directory-users-are-not-logged-or-honored-in-policy-r80/m-p/48066#M12919 <P>i've setup a domain, i've enabled identity awerness</P><P>i've created an access rule, which based on a group that's containing the users</P><P>i've created a policy saying they can go to the internet, but when i try to access the web, the gaia is ignoring the users, and simply blocks the communication in a standard deny policy with no reference to source user, just ip (ip is not permitted to access, only ad users)</P> Thu, 21 Mar 2019 07:42:50 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/active-directory-users-are-not-logged-or-honored-in-policy-r80/m-p/48066#M12919 lior_me1 2019-03-21T07:42:50Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/active-directory-users-are-not-logged-or-honored-in-policy-r80/m-p/48203#M12920 Might want to start with some basic troubleshooting as described here: <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk86441&amp;partition=Advanced&amp;product=Identity" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk86441&amp;partition=Advanced&amp;product=Identity</A> Fri, 22 Mar 2019 04:50:01 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/active-directory-users-are-not-logged-or-honored-in-policy-r80/m-p/48203#M12920 PhoneBoy 2019-03-22T04:50:01Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/active-directory-users-are-not-logged-or-honored-in-policy-r80/m-p/48415#M12921 thank you. do i need the identity collector to make it work? i think i've seen systems work without it Sun, 24 Mar 2019 12:45:58 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/active-directory-users-are-not-logged-or-honored-in-policy-r80/m-p/48415#M12921 lior_me1 2019-03-24T12:45:58Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/active-directory-users-are-not-logged-or-honored-in-policy-r80/m-p/48421#M12922 sorry. my mistake. i was testing directly on the dc. when i do it on a workstation. it's working fine Sun, 24 Mar 2019 13:41:26 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/active-directory-users-are-not-logged-or-honored-in-policy-r80/m-p/48421#M12922 lior_me1 2019-03-24T13:41:26Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/active-directory-users-are-not-logged-or-honored-in-policy-r80/m-p/48430#M12923 <P>Is it strictly required? No.</P> <P>Is it recommended in larger environments (more than a few thousand users)? Yes.</P> Sun, 24 Mar 2019 23:27:05 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/active-directory-users-are-not-logged-or-honored-in-policy-r80/m-p/48430#M12923 PhoneBoy 2019-03-24T23:27:05Z