https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118300#M22010 <P>Can you share a screenshot of one of those examples?</P> Thu, 13 May 2021 01:44:22 GMT the_rock 2021-05-13T01:44:22Z https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118275#M22003 <P>Hi,</P> <P>We are getting unnecessary ldap queries to DC from firewall even if we have not enabled identity awareness on that firewall. ldap queries are initiated from firewall and passing through implied rule.</P> <P>Is there any setting through which we can stop these queries?</P> Wed, 12 May 2021 16:26:04 GMT https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118275#M22003 Gaurav_Pandya 2021-05-12T16:26:04Z https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118300#M22010 <P>Can you share a screenshot of one of those examples?</P> Thu, 13 May 2021 01:44:22 GMT https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118300#M22010 the_rock 2021-05-13T01:44:22Z https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118304#M22013 <P>LDAP has been supported by the gateway long before Identity Awareness was a thing.<BR />Legacy authentication schemes (including with Remote Access) can use it.</P> Thu, 13 May 2021 05:34:35 GMT https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118304#M22013 PhoneBoy 2021-05-13T05:34:35Z https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118310#M22015 <P>Thanks PhoneBoy.&nbsp;</P> <P>Is there any way we can stop these queries?</P> Thu, 13 May 2021 08:06:04 GMT https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118310#M22015 Gaurav_Pandya 2021-05-13T08:06:04Z https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118348#M22020 <P>Delete your LDAP account unit if not using.</P> <P>Wolfgang</P> Thu, 13 May 2021 20:27:11 GMT https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118348#M22020 Wolfgang 2021-05-13T20:27:11Z https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118349#M22021 <P>Depends on what is responsible for it.<BR />What precisely is this gateway used for and enforcing access to?<BR />What blades are active?<BR />Maybe check if pdpd and pepd are running on these gateways?&nbsp;</P> Thu, 13 May 2021 20:30:15 GMT https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118349#M22021 PhoneBoy 2021-05-13T20:30:15Z https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118364#M22023 <P>We cannot delete LDAP account unit as other firewalls are using it. This firewall is for access control only. No any other blades are active.</P> <DIV id="tinyMceEditor_5f9e9d1d0ac07fGaurav_Pandya_0" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <P>&nbsp;</P> Fri, 14 May 2021 08:37:59 GMT https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118364#M22023 Gaurav_Pandya 2021-05-14T08:37:59Z https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118366#M22024 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture2.JPG" style="width: 301px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/11686iE834F7E0592A03F9/image-size/large?v=v2&amp;px=999" role="button" title="Capture2.JPG" alt="Capture2.JPG" /></span></P> <P>&nbsp;</P> Fri, 14 May 2021 08:40:28 GMT https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118366#M22024 Gaurav_Pandya 2021-05-14T08:40:28Z https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118427#M22030 <P>Even firewall can use LDAP if there are legacy User Auth rules.<BR />Regardless, I recommend engaging with the TAC.</P> Fri, 14 May 2021 22:12:11 GMT https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118427#M22030 PhoneBoy 2021-05-14T22:12:11Z https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118428#M22031 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;made a good point Gaurav. Can you confirm if pdp and/or pep are running on this gateway? Try ps -auxw | grep pep or pdp and see what shows up. You can even type top from expert mode and see what you get.</P> Fri, 14 May 2021 22:16:35 GMT https://community.checkpoint.com/t5/General-Topics/Firewall-is-doing-ldap-query-even-if-identity-awareness-is/m-p/118428#M22031 the_rock 2021-05-14T22:16:35Z