topic Re: Issues with Identity Sharing (r80.30 jumbo228) in Firewall and Security Management

Issues with Identity Sharing (r80.30 jumbo228)

Marcos_Bezerra — Tue, 01 Jun 2021 18:53:44 GMT

Hi community!

we have this costumer, and we are experiencing some issues with identity sharing.

they have 2 locations with checkpoint gateways.

GT1 and Cluster-1.

GT1 and Cluster-1 are connected via MPLS

we noticed when a user connects on GT1 using Endpoint Client, and authenticates with an AD user, the identity is not shared to Cluster-1, and so this person cannot access the resource that is behind Cluster-1.

BUT, when they use a local user that was created on GT1, and connects to the VPN the identity is shared to Cluster-1 and they can access the resource.

both Cluster-1 and GT1 are managed by the same management server, and both are on R80.30 J228.

I´m attaching a screenshot, where you can see, the local user is shared to the PEP, but the AD user is not.

Re: Issues with Identity Sharing (r80.30 jumbo228)

PhoneBoy — Wed, 02 Jun 2021 15:51:17 GMT

Have you configured Identity Sharing between the gateways?
This is not enabled by default.

Re: Issues with Identity Sharing (r80.30 jumbo228)

Marcos_Bezerra — Wed, 02 Jun 2021 16:13:37 GMT

Hi PhoneBoy, yes, it is enabled on both the Cluster and individual gateway.

so much so that the Local identities from GT1 are shared to Cluster-1, but only the local users, as you can see from the print, thats the weird part... I already have a case open with TAC and i´m waiting for them to reply.

Re: Issues with Identity Sharing (r80.30 jumbo228)

PhoneBoy — Wed, 02 Jun 2021 19:58:15 GMT

If some identities are being shared but not others, that definitely doesn't sound right.
@Royi_Priov