https://community.checkpoint.com/t5/Firewall-and-Security-Management/Active-Directory-Objects/m-p/243454#M47301 <P>Could I create an object in policy that understands if a host (say a VM) is part of a particular AD group?</P><P>For example, if I wanted a policy that says Allow "UserVMs" to "[IntranetSites]" on "https".</P><P>Is it possible to have UserVMs as an object that is populated from a connection to AD?</P><P>Hope it's explained well enough... essentially trying to make policy a little more dynamic by using AD data.</P><P>Thanks</P> Mon, 10 Mar 2025 16:41:05 GMT Anthony_Kahwati 2025-03-10T16:41:05Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Active-Directory-Objects/m-p/243454#M47301 <P>Could I create an object in policy that understands if a host (say a VM) is part of a particular AD group?</P><P>For example, if I wanted a policy that says Allow "UserVMs" to "[IntranetSites]" on "https".</P><P>Is it possible to have UserVMs as an object that is populated from a connection to AD?</P><P>Hope it's explained well enough... essentially trying to make policy a little more dynamic by using AD data.</P><P>Thanks</P> Mon, 10 Mar 2025 16:41:05 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Active-Directory-Objects/m-p/243454#M47301 Anthony_Kahwati 2025-03-10T16:41:05Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Active-Directory-Objects/m-p/243463#M47305 <P>Yes, look at Access Roles &amp; Identity Awareness.</P> <P><A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_IdentityAwareness_AdminGuide/Content/Topics-IDAG/Configuring-Identity-Awareness-Creating-Access-Roles.htm?tocpath=Configuring%20Identity%20Awareness%7C_____2#Creating_Access_Roles" target="_self">R81.20 Identity Awareness Administration Guide</A>&nbsp;</P> Mon, 10 Mar 2025 19:58:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Active-Directory-Objects/m-p/243463#M47305 CaseyB 2025-03-10T19:58:13Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Active-Directory-Objects/m-p/243464#M47306 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/6010">@Anthony_Kahwati</a><SPAN>&nbsp;yes, that‘s possible.</SPAN></P> <P><SPAN>You can get a Connection to AD via AccountUnit. And with Access-roles you can use AD objects like users, groups, machines in your rules. Additional you can connect via the datacenter object to your vitualization platform (VMware, AWS, Azure etc.) and use the objects from these platforms.</SPAN></P> Mon, 10 Mar 2025 19:58:39 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Active-Directory-Objects/m-p/243464#M47306 Wolfgang 2025-03-10T19:58:39Z