https://community.checkpoint.com/t5/General-Topics/LDAP-groups-in-Remote-Access-VPN-Rules/m-p/14521#M2476 <HTML><HEAD></HEAD><BODY><P>Since you are still using R77.30, which you should have mentioned in your first post, you need to remove the RemoteAccess VPN group from the VPN column.</P></BODY></HTML> Mon, 10 Dec 2018 08:22:07 GMT Danny 2018-12-10T08:22:07Z https://community.checkpoint.com/t5/General-Topics/LDAP-groups-in-Remote-Access-VPN-Rules/m-p/14518#M2473 <HTML><HEAD></HEAD><BODY><P>Dear Mates</P><P></P><P>I have been searching around, and so far I was not able to find an answer to the issue that I am facing.</P><P></P><P>I have currently migrated our VPN solution to Check Point RA VPN, but I am having an issue when it comes to create rules for remote access users. Each group has permissions to access different machines remotely, so I have requested the creation of specific LDAP groups to be used for remote access.</P><P></P><P>Unfornatunately, when a use an LDAP group in the Source field of the policy, users are not being able to authenticate. The authentication only works when I select the option "<STRONG>All Account Unit´s Users".</STRONG></P><P></P><P>Any idea on how this issue could be overcomed? or a workaround perhaps?&nbsp;</P><P></P><P>Thanks in advance</P></BODY></HTML> Sun, 09 Dec 2018 22:57:40 GMT https://community.checkpoint.com/t5/General-Topics/LDAP-groups-in-Remote-Access-VPN-Rules/m-p/14518#M2473 Di_Junior 2018-12-09T22:57:40Z https://community.checkpoint.com/t5/General-Topics/LDAP-groups-in-Remote-Access-VPN-Rules/m-p/14519#M2474 <HTML><HEAD></HEAD><BODY><P>Try using Access Roles instead of LDAP group and select the desired AD group under "Users" section of the role:</P><P></P><P><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/76304_pastedImage_1.png" /></P><P></P><P><IMG class="image-2 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/76305_pastedImage_2.png" /></P></BODY></HTML> Sun, 09 Dec 2018 23:36:40 GMT https://community.checkpoint.com/t5/General-Topics/LDAP-groups-in-Remote-Access-VPN-Rules/m-p/14519#M2474 Vladimir 2018-12-09T23:36:40Z https://community.checkpoint.com/t5/General-Topics/LDAP-groups-in-Remote-Access-VPN-Rules/m-p/14520#M2475 <HTML><HEAD></HEAD><BODY><P>Hi Vladimir,</P><P></P><P>When I try that I get the following error during policy verification:</P><P></P><P>"</P><P>Firewall and Address Translation Policy Verification:<BR />Verifier warnings: Rule 32: Only User Groups are allowed as Source in VPN and Client Authentication Rules</P><P>"</P><P>Note: I am still using R77.30.</P><P></P><P>Thanks</P></BODY></HTML> Mon, 10 Dec 2018 06:30:17 GMT https://community.checkpoint.com/t5/General-Topics/LDAP-groups-in-Remote-Access-VPN-Rules/m-p/14520#M2475 Di_Junior 2018-12-10T06:30:17Z https://community.checkpoint.com/t5/General-Topics/LDAP-groups-in-Remote-Access-VPN-Rules/m-p/14521#M2476 <HTML><HEAD></HEAD><BODY><P>Since you are still using R77.30, which you should have mentioned in your first post, you need to remove the RemoteAccess VPN group from the VPN column.</P></BODY></HTML> Mon, 10 Dec 2018 08:22:07 GMT https://community.checkpoint.com/t5/General-Topics/LDAP-groups-in-Remote-Access-VPN-Rules/m-p/14521#M2476 Danny 2018-12-10T08:22:07Z https://community.checkpoint.com/t5/General-Topics/LDAP-groups-in-Remote-Access-VPN-Rules/m-p/14522#M2477 <HTML><HEAD></HEAD><BODY><P>HI Danny</P><P></P><P>Thanks for your contribution, and sorry about not mentioning that I am using R77.30 later.</P><P></P><P>I would like to know why you suggested ti remove the RemoteAccess VPN group from the VPN Column since I want the users to connect using the Remote Access Community.</P><P></P><P>Thanks once again</P></BODY></HTML> Mon, 10 Dec 2018 09:33:10 GMT https://community.checkpoint.com/t5/General-Topics/LDAP-groups-in-Remote-Access-VPN-Rules/m-p/14522#M2477 Di_Junior 2018-12-10T09:33:10Z https://community.checkpoint.com/t5/General-Topics/LDAP-groups-in-Remote-Access-VPN-Rules/m-p/14523#M2478 <HTML><HEAD></HEAD><BODY><P>Have a look into&nbsp;<A class="" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk64400&amp;partition=General&amp;product=Security">sk64400: Policy Verification Error: "Only User Groups are allowed as Source in <STRONG>VPN</STRONG> and Client Authentication Rules"</A></P></BODY></HTML> Mon, 10 Dec 2018 15:42:44 GMT https://community.checkpoint.com/t5/General-Topics/LDAP-groups-in-Remote-Access-VPN-Rules/m-p/14523#M2478 G_W_Albrecht 2018-12-10T15:42:44Z https://community.checkpoint.com/t5/General-Topics/LDAP-groups-in-Remote-Access-VPN-Rules/m-p/58519#M11795 <P>Hi there!</P><P>I have the same issue.&nbsp;</P><P>I´ve added a access role with a AD user in a firewall rule with "any traffic" in "VPN", but I can´t connect using "Endpoint Security".<BR /><BR />In Smartlog I receive the message from blade Mobile Access,&nbsp; "User does not belong to the Remote Access Community,"</P><P>System version R77.30</P><P>Endpoint Security E80.80.</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 18 Jul 2019 20:32:49 GMT https://community.checkpoint.com/t5/General-Topics/LDAP-groups-in-Remote-Access-VPN-Rules/m-p/58519#M11795 Rick_Rodrix 2019-07-18T20:32:49Z https://community.checkpoint.com/t5/General-Topics/LDAP-groups-in-Remote-Access-VPN-Rules/m-p/78484#M15977 <P>Valdimir, Is this example for R80.30 ? I am on R80.10 and do not see the "+" option, only the manual input</P><P>&nbsp;</P><P>Thanks,</P><P>Andy</P> Mon, 16 Mar 2020 19:45:00 GMT https://community.checkpoint.com/t5/General-Topics/LDAP-groups-in-Remote-Access-VPN-Rules/m-p/78484#M15977 Andy_Van_Horn 2020-03-16T19:45:00Z https://community.checkpoint.com/t5/General-Topics/LDAP-groups-in-Remote-Access-VPN-Rules/m-p/78499#M15983 Looks like it's there in the R80.10 UI for me when I go to look.<BR />A screenshot of what exactly you're seeing might help. Tue, 17 Mar 2020 01:02:45 GMT https://community.checkpoint.com/t5/General-Topics/LDAP-groups-in-Remote-Access-VPN-Rules/m-p/78499#M15983 PhoneBoy 2020-03-17T01:02:45Z