https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-issue/m-p/48853#M87101 <P>Hi Stuart,</P> <P>The entity which reports the identity to SmartLog is the PEP, while the MUH agent is connecting to the PDP.</P> <P>&nbsp;</P> <P>Please verify where the issue falls with these commands:</P> <P># pdp m ip &lt;MUH IP&gt;</P> <P># pep sh u q cid &lt;MUH IP&gt;</P> <P>&nbsp;</P> <P>do you see the relevant user(s) on both sides?</P> <P>I believe it won't be on the PEP.</P> <P>In case it's shown on PDP side - it might be identity sharing problem.</P> <P>Otherwise - need to focus on MUH&lt;-&gt;PDP communication.</P> <P>&nbsp;</P> <P>Anyhow, as written here, it sounds like an issue to be raised with TAC.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Royi.</P> Wed, 27 Mar 2019 14:45:34 GMT Royi_Priov 2019-03-27T14:45:34Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-issue/m-p/48094#M87099 <P>Hi,</P><P>Strange issue on a customer site with R80.20 cluster (latest JHF) and the logging of User Identities from a Citrix MUH Host. &nbsp;Current version on the Citrix Hosts is R80.102.0000.</P><P>The MUH Agent is showing as being connected and users are shown in the window but nothing shows in SmartLog for user identity.</P><P>Failing the cluster over to the standby member brings the identities back and then failing back to the primary sees identities consistently being tagged in SmartLog.</P><P>Is there a new version of the MUH Agent for R80.20? &nbsp;Is the MUH Agent at fault or is this a firewall process causing the issue?</P> Thu, 21 Mar 2019 12:17:00 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-issue/m-p/48094#M87099 Stuart_Green 2019-03-21T12:17:00Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-issue/m-p/48201#M87100 If you’re on the latest jumbo, sounds like it’s worth a TAC case. Fri, 22 Mar 2019 04:38:49 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-issue/m-p/48201#M87100 PhoneBoy 2019-03-22T04:38:49Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-issue/m-p/48853#M87101 <P>Hi Stuart,</P> <P>The entity which reports the identity to SmartLog is the PEP, while the MUH agent is connecting to the PDP.</P> <P>&nbsp;</P> <P>Please verify where the issue falls with these commands:</P> <P># pdp m ip &lt;MUH IP&gt;</P> <P># pep sh u q cid &lt;MUH IP&gt;</P> <P>&nbsp;</P> <P>do you see the relevant user(s) on both sides?</P> <P>I believe it won't be on the PEP.</P> <P>In case it's shown on PDP side - it might be identity sharing problem.</P> <P>Otherwise - need to focus on MUH&lt;-&gt;PDP communication.</P> <P>&nbsp;</P> <P>Anyhow, as written here, it sounds like an issue to be raised with TAC.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Royi.</P> Wed, 27 Mar 2019 14:45:34 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-issue/m-p/48853#M87101 Royi_Priov 2019-03-27T14:45:34Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-issue/m-p/51644#M87102 <P>Hi Royi,</P><P>&nbsp;</P><P>We had some major issues with Identity Awareness when we upgraded a customers cluster to R80.20 (there are other clusters with R80.10 etc all working 100%) .</P><P>&nbsp;</P><P>We were advised by TAC to upgrade to the Jumbo Hotfix Take 73 (I see it is now superceded by JHF 74) and this fixed our issues.</P><P>&nbsp;</P><P>Hope this helps if your issue persists..</P> Wed, 24 Apr 2019 08:58:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-issue/m-p/51644#M87102 Darren_Fine 2019-04-24T08:58:44Z