https://community.checkpoint.com/t5/Firewall-and-Security-Management/Integration-FreeIPA-and-Checkpoint-Security-Gateway/m-p/176339#M32280 <P>You can try asking the TAC about this.<BR />However, you are ultimately trying to integrate with an LDAP directory we don't support.<BR />Which means even if you do somehow make this work, if and when it breaks again, it won't be formally supported.</P> <P>If this is a business requirement, your best bet is to work with the local Check Point office on an RFE.&nbsp;</P> Mon, 27 Mar 2023 16:54:57 GMT PhoneBoy 2023-03-27T16:54:57Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Integration-FreeIPA-and-Checkpoint-Security-Gateway/m-p/176053#M32176 <P>Hello Everyone,</P><P>Me and my team from few days are trying to integrate Checkpoint Security Gateway with FreeIPA.</P><P>We have integration with Microsoft AD by LDAP Unit Object which is works.</P><P>Unfortunately, FreeIPA haven't "samAccountName" object class in directory schema, so when we try to add some users to Checkpoint Access Role we receive only blank directory tree.</P><P>We try to change Profile in FreeIPA Ldap Unit from Microsoft AD to OPSEC and Create LDAP Group with some option "Only Group in branch (DN prefix)", where we paste uid path to specific group, but log in to VPN was without success.</P><P>&nbsp;</P><P>Somebody have any idea how to integrate this to systems?</P><P>&nbsp;</P><P>Best regards</P><P>Jakub</P> Fri, 24 Mar 2023 11:10:04 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Integration-FreeIPA-and-Checkpoint-Security-Gateway/m-p/176053#M32176 jakmic 2023-03-24T11:10:04Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Integration-FreeIPA-and-Checkpoint-Security-Gateway/m-p/176085#M32184 <P>Generic LDAP definitions should work.&nbsp;</P> Fri, 24 Mar 2023 13:56:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Integration-FreeIPA-and-Checkpoint-Security-Gateway/m-p/176085#M32184 _Val_ 2023-03-24T13:56:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Integration-FreeIPA-and-Checkpoint-Security-Gateway/m-p/176099#M32187 <P>Yes, we thought the same, but no.</P><P>User Object Class in FreeIPA is "uid". We try to use another User Directory Profile, but without success to log in.</P><P>From another site, when we use old Dashboard, with attribute "uid", we receive good results.</P><P>Maybe custom User Directory Profile, but how can we create it? Only by database edit?</P> Fri, 24 Mar 2023 14:42:26 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Integration-FreeIPA-and-Checkpoint-Security-Gateway/m-p/176099#M32187 jakmic 2023-03-24T14:42:26Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Integration-FreeIPA-and-Checkpoint-Security-Gateway/m-p/176146#M32214 <P>Presumably through guidbedit, it might be possible.</P> Fri, 24 Mar 2023 20:20:23 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Integration-FreeIPA-and-Checkpoint-Security-Gateway/m-p/176146#M32214 PhoneBoy 2023-03-24T20:20:23Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Integration-FreeIPA-and-Checkpoint-Security-Gateway/m-p/176229#M32234 <P>Is there any manual or KB where this is described?</P> Mon, 27 Mar 2023 06:07:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Integration-FreeIPA-and-Checkpoint-Security-Gateway/m-p/176229#M32234 jakmic 2023-03-27T06:07:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Integration-FreeIPA-and-Checkpoint-Security-Gateway/m-p/176339#M32280 <P>You can try asking the TAC about this.<BR />However, you are ultimately trying to integrate with an LDAP directory we don't support.<BR />Which means even if you do somehow make this work, if and when it breaks again, it won't be formally supported.</P> <P>If this is a business requirement, your best bet is to work with the local Check Point office on an RFE.&nbsp;</P> Mon, 27 Mar 2023 16:54:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Integration-FreeIPA-and-Checkpoint-Security-Gateway/m-p/176339#M32280 PhoneBoy 2023-03-27T16:54:57Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Integration-FreeIPA-and-Checkpoint-Security-Gateway/m-p/176392#M32293 <P>Finally, we integrated FreeIPA with Checkpoint</P><P>Profile: Netscape_DS - this profile has good user info mapping</P><P>First: We are integrating two environments, so we forgot about routes - all traffic were from WAN interface (on first environment traffic were accepted, on second environment traffic were drop from WAN or not occur)</P><P>Second: To use this object, we need to use LDAP Group, where important is to use good LDAP Filter</P><P>Thank you for help, for me this post/issue is solved</P> Tue, 28 Mar 2023 06:56:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Integration-FreeIPA-and-Checkpoint-Security-Gateway/m-p/176392#M32293 jakmic 2023-03-28T06:56:27Z