https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-stopped-working-after-upgrade/m-p/106911#M14309 <P>Hi All,</P><P>We upgraded the VSX cluster from R77.30 to R80.30, since then Identity awareness stopped working. I am not able to create a new access role where the AD is reseting the 636 packet. But AD is reachable from firewall. Is this anything to do with TLS version or any SSL setting needs to be checked after upgrading? Please suggest.</P> Mon, 04 Jan 2021 15:57:06 GMT Sanjay_S 2021-01-04T15:57:06Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-stopped-working-after-upgrade/m-p/106911#M14309 <P>Hi All,</P><P>We upgraded the VSX cluster from R77.30 to R80.30, since then Identity awareness stopped working. I am not able to create a new access role where the AD is reseting the 636 packet. But AD is reachable from firewall. Is this anything to do with TLS version or any SSL setting needs to be checked after upgrading? Please suggest.</P> Mon, 04 Jan 2021 15:57:06 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-stopped-working-after-upgrade/m-p/106911#M14309 Sanjay_S 2021-01-04T15:57:06Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-stopped-working-after-upgrade/m-p/106973#M14317 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/18584">@Sanjay_S</a>&nbsp;,</P> <P>It sounds like the communication to the AD server indeed is not working. When creating an access role, the communication is between mgmt server and the AD, while Identity Awareness enforcement requires the GW to communicate with the AD server.</P> <P>You have mentioned port 636, which points to the fact you are probably using LDAP over SSL.</P> <P>Have you tried to refetch the fingerprint inside the LDAP account unit object? please do so, and install policy afterwards.</P> <P>If the issue still exists, I suggest contacting Check Point support.</P> <P>&nbsp;</P> Tue, 05 Jan 2021 07:11:16 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-stopped-working-after-upgrade/m-p/106973#M14317 Royi_Priov 2021-01-05T07:11:16Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-stopped-working-after-upgrade/m-p/106992#M14319 <P>Hi</P><P>We sometimes forgot to turn on NTLMv2 support after upgrading and IA was not working. Not sure if the symptoms match.</P><P><A href="https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_IdentityAwareness_AdminGuide/Topics-IDAG/Configuring-Identity-Sources-Configuring-AD-Query.htm?Highlight=ntlm" target="_blank">https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_IdentityAwareness_AdminGuide/Topics-IDAG/Configuring-Identity-Sources-Configuring-AD-Query.htm?Highlight=ntlm</A></P><P>&nbsp;</P> Tue, 05 Jan 2021 10:26:52 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-stopped-working-after-upgrade/m-p/106992#M14319 Borut 2021-01-05T10:26:52Z