topic Not able to access native applications for AD users in SASE and Remote Access https://community.checkpoint.com/t5/SASE-and-Remote-Access/Not-able-to-access-native-applications-for-AD-users/m-p/29911#M13496 <HTML><HEAD></HEAD><BODY><P>Setup:Distributed</P><P>Version:R80.10 with TAKE_56</P><P>AD authentication for SSL VPN users stopped working after AD password expiry of non-admin user.</P><P>We were not able to see complete AD tree,we have manually added subdomain with parent domain,after that user is able to authenticate,but not able to access native applications.&nbsp;</P><P>It is working for local users,it will also work AD users if I add 'All uers" in source column of Mobile access policy.</P><P>But if I am adding specific AD users or LDAP groups,traffic is dropping with MAB policy with non-existant rule which is showing in logs.</P><P>When I am checking for drops with #fw ctl zdebug + drop | grep &lt;ip&gt;,can see drops as per MAB policy rule number which doesn't exist in MAB policy.</P><P>The rule number will be changing randomly,but the drop rule number in logs and zdebug output shows same rule number.</P><P>Any suggestions on this ?</P></BODY></HTML> Mon, 11 Jun 2018 05:47:52 GMT nagaraja_cs 2018-06-11T05:47:52Z Not able to access native applications for AD users https://community.checkpoint.com/t5/SASE-and-Remote-Access/Not-able-to-access-native-applications-for-AD-users/m-p/29911#M13496 <HTML><HEAD></HEAD><BODY><P>Setup:Distributed</P><P>Version:R80.10 with TAKE_56</P><P>AD authentication for SSL VPN users stopped working after AD password expiry of non-admin user.</P><P>We were not able to see complete AD tree,we have manually added subdomain with parent domain,after that user is able to authenticate,but not able to access native applications.&nbsp;</P><P>It is working for local users,it will also work AD users if I add 'All uers" in source column of Mobile access policy.</P><P>But if I am adding specific AD users or LDAP groups,traffic is dropping with MAB policy with non-existant rule which is showing in logs.</P><P>When I am checking for drops with #fw ctl zdebug + drop | grep &lt;ip&gt;,can see drops as per MAB policy rule number which doesn't exist in MAB policy.</P><P>The rule number will be changing randomly,but the drop rule number in logs and zdebug output shows same rule number.</P><P>Any suggestions on this ?</P></BODY></HTML> Mon, 11 Jun 2018 05:47:52 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Not-able-to-access-native-applications-for-AD-users/m-p/29911#M13496 nagaraja_cs 2018-06-11T05:47:52Z Re: Not able to access native applications for AD users https://community.checkpoint.com/t5/SASE-and-Remote-Access/Not-able-to-access-native-applications-for-AD-users/m-p/29912#M13497 <HTML><HEAD></HEAD><BODY><P>I would engage with the TAC.</P></BODY></HTML> Mon, 11 Jun 2018 18:05:05 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Not-able-to-access-native-applications-for-AD-users/m-p/29912#M13497 PhoneBoy 2018-06-11T18:05:05Z