https://community.checkpoint.com/t5/Firewall-and-Security-Management/Forescout-NAC-Identity-Awareness-API/m-p/122747#M17564 <P>Not yet, i have a ticket open with Support now and sent them PDP and PEP logs. Here i dont have much of a log to go off of, but this is in smart console:</P><P>&nbsp;</P><P><SPAN>Failed to get users groups for the domain.</SPAN><BR /><SPAN>Verify that this domain name is configured in your LDAP Account Unit.</SPAN><BR /><SPAN>Domain: DOMAIN</SPAN></P><P>&nbsp;</P><P><SPAN>Our Domain in the ldap account unit is DOMAIN.EXMAPLE.COM and the domain on the forescout side is sending just DOMAIN.</SPAN></P> Thu, 01 Jul 2021 16:49:05 GMT Jonathan_Langle 2021-07-01T16:49:05Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Forescout-NAC-Identity-Awareness-API/m-p/122410#M17540 <P>We have the Check Point intergration to Forescout so we can add users to Access Roles in our security Policy. This is mostly working outside of one piece, the IP To User Mapping. It would appear Forescout is sending the EXAMPLE\Username instead of what our LDAP Account Unit is configured for which would be EXAMPLE.Domain.com as an example.</P><P>&nbsp;</P><P>Has anyone else used this integration and run into this? I tried changing the UserLoginAttr on the gateway object to UserPrincipalName&nbsp; but no dice. The error i am seeing is the following:Failed to get users groups for the domain. Verify that this domain name is configured in your LDAP Account Unit. Domain: EXAMPLE</P> Mon, 28 Jun 2021 20:46:49 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Forescout-NAC-Identity-Awareness-API/m-p/122410#M17540 Jonathan_Langle 2021-06-28T20:46:49Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Forescout-NAC-Identity-Awareness-API/m-p/122642#M17541 <P>Have you approached Forescout related to this?<BR />Can you include a (redacted) log card as well as version/JHF level?</P> Wed, 30 Jun 2021 21:17:48 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Forescout-NAC-Identity-Awareness-API/m-p/122642#M17541 PhoneBoy 2021-06-30T21:17:48Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Forescout-NAC-Identity-Awareness-API/m-p/122747#M17564 <P>Not yet, i have a ticket open with Support now and sent them PDP and PEP logs. Here i dont have much of a log to go off of, but this is in smart console:</P><P>&nbsp;</P><P><SPAN>Failed to get users groups for the domain.</SPAN><BR /><SPAN>Verify that this domain name is configured in your LDAP Account Unit.</SPAN><BR /><SPAN>Domain: DOMAIN</SPAN></P><P>&nbsp;</P><P><SPAN>Our Domain in the ldap account unit is DOMAIN.EXMAPLE.COM and the domain on the forescout side is sending just DOMAIN.</SPAN></P> Thu, 01 Jul 2021 16:49:05 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Forescout-NAC-Identity-Awareness-API/m-p/122747#M17564 Jonathan_Langle 2021-07-01T16:49:05Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Forescout-NAC-Identity-Awareness-API/m-p/191297#M35314 <P>Hello&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/25962">@Jonathan_Langle</a>&nbsp;where you able to implement this successfully?</P><P>we are trying the integration to send forescout identified device classifications to checkpoint access roles to be used in the policy. Your insight will be helpful.</P> Fri, 01 Sep 2023 02:52:33 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Forescout-NAC-Identity-Awareness-API/m-p/191297#M35314 Kirupa_Shankar_ 2023-09-01T02:52:33Z