https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Collectors-and-pdp-pep/m-p/200433#M37614 <P>So, unfortunately it still doesn't work...</P><P>It registers when someone logs on to a client as seen below, however, not "regular" events:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="fw3.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/23642iABE435CE5C78108F/image-size/large?v=v2&amp;px=999" role="button" title="fw3.png" alt="fw3.png" /></span></P><P>But the IDC is both getting events from the AD and sending to the FW GW:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="fw4.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/23643iA8B944579BBB381E/image-size/large?v=v2&amp;px=999" role="button" title="fw4.png" alt="fw4.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dw5.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/23644i77E508BE12495600/image-size/large?v=v2&amp;px=999" role="button" title="dw5.png" alt="dw5.png" /></span></P><P>&nbsp;</P><P>Any help would be appreciated!!</P> Wed, 13 Dec 2023 10:33:06 GMT JPR 2023-12-13T10:33:06Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Collectors-and-pdp-pep/m-p/200326#M37581 <P>Hello,</P><P>I've had some issues with our Identity Collectors and have tried to restart the "pdpd" and "pepd" processes with the following commands:</P><P># fw kill pdpd<BR /># fw kill pepd</P><P>They both seem to be running again and the Identity Collectors are receiving events from our AD and sending to the firewall. Also the firewall says that it is connected as you can see below:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="fw1.png" style="width: 733px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/23620i11D37ED8A25A2505/image-size/large?v=v2&amp;px=999" role="button" title="fw1.png" alt="fw1.png" /></span></P><P>However, when I look in the "Logs &amp; Monitor" in the SmartConsole it doesn't show/register any "Source User Name" as shown below:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="fw2.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/23621i2E2888D922F31AF3/image-size/large?v=v2&amp;px=999" role="button" title="fw2.png" alt="fw2.png" /></span></P><P>It does occasionally show someone logging in on a client.</P><P>I've restarted the services before and it began working again after some time. Is this expected behaviour because of the "Association time-to-live" on the Identity Collectors or something like that?<BR />And is there a way for me to make it work again now and not just having to wait?</P><P>I'm still a bit new to all this so please forgive me if I'm not all to clear in my explanations.</P><P>Thanks!</P> Tue, 12 Dec 2023 14:38:30 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Collectors-and-pdp-pep/m-p/200326#M37581 JPR 2023-12-12T14:38:30Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Collectors-and-pdp-pep/m-p/200433#M37614 <P>So, unfortunately it still doesn't work...</P><P>It registers when someone logs on to a client as seen below, however, not "regular" events:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="fw3.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/23642iABE435CE5C78108F/image-size/large?v=v2&amp;px=999" role="button" title="fw3.png" alt="fw3.png" /></span></P><P>But the IDC is both getting events from the AD and sending to the FW GW:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="fw4.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/23643iA8B944579BBB381E/image-size/large?v=v2&amp;px=999" role="button" title="fw4.png" alt="fw4.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dw5.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/23644i77E508BE12495600/image-size/large?v=v2&amp;px=999" role="button" title="dw5.png" alt="dw5.png" /></span></P><P>&nbsp;</P><P>Any help would be appreciated!!</P> Wed, 13 Dec 2023 10:33:06 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Collectors-and-pdp-pep/m-p/200433#M37614 JPR 2023-12-13T10:33:06Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Collectors-and-pdp-pep/m-p/200442#M37617 <P>Better contact CP TAC and get this reviewed in RAS - a look into the configuration is necessary to resolve this...</P> <P>&nbsp;</P> Wed, 13 Dec 2023 11:21:48 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Collectors-and-pdp-pep/m-p/200442#M37617 G_W_Albrecht 2023-12-13T11:21:48Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Collectors-and-pdp-pep/m-p/200443#M37618 <P>Quickest path is probably to review with TAC.</P> <P>Which Gateway &amp; IDC version do you use out of interest?</P> Wed, 13 Dec 2023 11:26:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Collectors-and-pdp-pep/m-p/200443#M37618 Chris_Atkinson 2023-12-13T11:26:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Collectors-and-pdp-pep/m-p/200451#M37623 <P>It's R81 and the IDCs are build 81.040.0000.</P><P>&nbsp;</P><P>It worked before I did the fw kill pdpd and fw kill pepd, so I'm quite certain it has something to do with that.</P><P>&nbsp;</P><P>When I do the pdp status show it says there is no PEPs connected:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="pdp.png" style="width: 555px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/23645iAAD9C646764E1CF1/image-size/large?v=v2&amp;px=999" role="button" title="pdp.png" alt="pdp.png" /></span></P> Wed, 13 Dec 2023 12:00:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Collectors-and-pdp-pep/m-p/200451#M37623 JPR 2023-12-13T12:00:43Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Collectors-and-pdp-pep/m-p/200487#M37642 <P>Is it perhaps because it has to rebuild the database after I restarted pdpd/pepd and the FW doesn't get old events/associations?</P> Wed, 13 Dec 2023 13:46:05 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Collectors-and-pdp-pep/m-p/200487#M37642 JPR 2023-12-13T13:46:05Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Collectors-and-pdp-pep/m-p/200492#M37643 <P>Which JHF take is applied to the Gateway, there are potentially relevant fixes here in addition to a newer IDC version</P> Wed, 13 Dec 2023 14:15:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Collectors-and-pdp-pep/m-p/200492#M37643 Chris_Atkinson 2023-12-13T14:15:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Collectors-and-pdp-pep/m-p/200493#M37644 <P>It could be, but better to get TAC involved to confirm, as the guys already said.</P> <P>Best regards,</P> <P>Andy</P> Wed, 13 Dec 2023 14:18:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Collectors-and-pdp-pep/m-p/200493#M37644 the_rock 2023-12-13T14:18:46Z