topic IA VSX authentication issue in General Topics https://community.checkpoint.com/t5/General-Topics/IA-VSX-authentication-issue/m-p/26380#M5362 <HTML><HEAD></HEAD><BODY><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">General theory:</P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">Identity collector is “eating” event viewer messages written in AD server.</P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">Firewall is still required to check if the user is in the proper group or it’s disabled. Those checks are&nbsp; ldap traffic from firewall to DC.</P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">&nbsp;</P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">Customer moved from clusterXL to VSX.</P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">Normal firewall to ldap traffic pass on VS0. Here VS0 didn’t have access to DC. Only VS1 had access.</P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">In order to solve this problem under VS config -&gt; Other -&gt; legacy configuration -&gt; authentication server accessibility</P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;"><STRONG>Change the default from shared to private.</STRONG></P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">Credit goes to Kobi Kagan from israeli support team.</P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">&nbsp;</P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">See attached screenshot</P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">Aner.</P></BODY></HTML> Sun, 27 May 2018 16:09:19 GMT aner_sagi 2018-05-27T16:09:19Z IA VSX authentication issue https://community.checkpoint.com/t5/General-Topics/IA-VSX-authentication-issue/m-p/26380#M5362 <HTML><HEAD></HEAD><BODY><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">General theory:</P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">Identity collector is “eating” event viewer messages written in AD server.</P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">Firewall is still required to check if the user is in the proper group or it’s disabled. Those checks are&nbsp; ldap traffic from firewall to DC.</P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">&nbsp;</P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">Customer moved from clusterXL to VSX.</P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">Normal firewall to ldap traffic pass on VS0. Here VS0 didn’t have access to DC. Only VS1 had access.</P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">In order to solve this problem under VS config -&gt; Other -&gt; legacy configuration -&gt; authentication server accessibility</P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;"><STRONG>Change the default from shared to private.</STRONG></P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">Credit goes to Kobi Kagan from israeli support team.</P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">&nbsp;</P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">See attached screenshot</P><P dir="ltr" style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; color: #000000; text-indent: 0px;">Aner.</P></BODY></HTML> Sun, 27 May 2018 16:09:19 GMT https://community.checkpoint.com/t5/General-Topics/IA-VSX-authentication-issue/m-p/26380#M5362 aner_sagi 2018-05-27T16:09:19Z