https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-LDAP-Integration/m-p/199244#M66590 <P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk88520" target="_blank" rel="noopener">sk88520: Best Practices - Identity Awareness Large Scale Deployment</A></P> <P><A href="https://support.checkpoint.com/results/sk/sk170765" target="_blank" rel="noopener"><SPAN>sk170765: Identity Awareness Scalable Design - Identity Agent</SPAN></A></P> <P><A href="https://support.checkpoint.com/results/sk/sk86441" target="_blank" rel="noopener"><SPAN>sk86441: ATRG: Identity Awareness</SPAN></A></P> Wed, 29 Nov 2023 10:06:03 GMT G_W_Albrecht 2023-11-29T10:06:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-LDAP-Integration/m-p/199237#M66589 <P>Hi,</P><P>&nbsp;</P><P>First of all, I want to talk about the structure. There is an AD with many (hundreds of thousands) users. A remote Checpoint firewall is pulling users from this AD. I configured Identityy Awernes, but since the location is remote and there are too many users, user queries take a long time.</P><P>I think the problem will be solved if I pull the organization unit part of the region where the firewall is from the AD. When searching or querying users, it speeds up if it is done from a certain organization unit instead of all users.<BR />-Can I do this organization unit part with Identity collector?<BR />-If I can, can you share the relevant document?</P><P>Or can you suggest if there is another solution?</P><P>Thanks.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 29 Nov 2023 07:13:20 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-LDAP-Integration/m-p/199237#M66589 ikafka 2023-11-29T07:13:20Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-LDAP-Integration/m-p/199244#M66590 <P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk88520" target="_blank" rel="noopener">sk88520: Best Practices - Identity Awareness Large Scale Deployment</A></P> <P><A href="https://support.checkpoint.com/results/sk/sk170765" target="_blank" rel="noopener"><SPAN>sk170765: Identity Awareness Scalable Design - Identity Agent</SPAN></A></P> <P><A href="https://support.checkpoint.com/results/sk/sk86441" target="_blank" rel="noopener"><SPAN>sk86441: ATRG: Identity Awareness</SPAN></A></P> Wed, 29 Nov 2023 10:06:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-LDAP-Integration/m-p/199244#M66590 G_W_Albrecht 2023-11-29T10:06:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-LDAP-Integration/m-p/199440#M66591 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/21294">@G_W_Albrecht</a>&nbsp;</P><P>Thanks for your reply and for sharing this information. I have not yet been able to provide controls in the environment. I will share the solution information when it is finalized.&nbsp;</P> Fri, 01 Dec 2023 11:07:32 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-LDAP-Integration/m-p/199440#M66591 ikafka 2023-12-01T11:07:32Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-LDAP-Integration/m-p/202280#M66592 <P>Hi</P><P>I installed with identity collector but there are small problems.</P><P>It is now doing user verification in the rules. But I want to cancel this rule and write a new rule. With this new rule, I want to check that only one computer is in a certain <STRONG>OU (organization unit)</STRONG>. If this computer is in the <STRONG>OU</STRONG>, it passes the rule. I couldn't figure out how to do this rule.</P> Fri, 05 Jan 2024 06:48:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-LDAP-Integration/m-p/202280#M66592 ikafka 2024-01-05T06:48:13Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-LDAP-Integration/m-p/202367#M66593 <P>I believe you can refer to individual machines in the Access Role, but I don't think we support groups for this function.</P> Fri, 05 Jan 2024 20:39:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-LDAP-Integration/m-p/202367#M66593 PhoneBoy 2024-01-05T20:39:42Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-LDAP-Integration/m-p/203199#M66594 <P>Hi,</P><P>&nbsp;</P><P>We install identity Collector and our problem solved.&nbsp;</P><P>Our environment have 42 ADC and we use 35 ADC with İdentity Collector.</P> Tue, 16 Jan 2024 10:19:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-LDAP-Integration/m-p/203199#M66594 ikafka 2024-01-16T10:19:03Z