https://community.checkpoint.com/t5/SASE-and-Remote-Access/Checkpoint-Access-Role-not-being-matched/m-p/151123#M6741 <P>Are there any news about this topoc.<BR />We have a lab firewall with the same setup and the same problem. We are on 81 Take 68.<BR />The authentication is working but the ACR is only matching if we define "Any identified User". The Username (UPN) is visible in the logs.&nbsp;</P> Fri, 17 Jun 2022 08:08:44 GMT Manuel_Schulz 2022-06-17T08:08:44Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Checkpoint-Access-Role-not-being-matched/m-p/149381#M6740 <P>Hello I have setup remote access vpn and using office mode + SAML Authentication (Azure Ad)&nbsp;</P> <P>In my policy I created 1 ACL to allow traffic thru the VPN to my inside networks. My "Source" value is my access role. This Access role includes my Azure Active Directory Group.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>My traffic is hitting the cleanup rule . It's not being matched .&nbsp;</P> <P>&nbsp;</P> <P>If i change my source to 'any" - traffic is matched .&nbsp;</P> <P>&nbsp;</P> <P>I've narrowed it down the access role being the issue .&nbsp;</P> <P>&nbsp;</P> <P>Does anyone have a sample configuration I could look at?</P> Tue, 24 May 2022 21:23:57 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Checkpoint-Access-Role-not-being-matched/m-p/149381#M6740 nflnetwork29 2022-05-24T21:23:57Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Checkpoint-Access-Role-not-being-matched/m-p/151123#M6741 <P>Are there any news about this topoc.<BR />We have a lab firewall with the same setup and the same problem. We are on 81 Take 68.<BR />The authentication is working but the ACR is only matching if we define "Any identified User". The Username (UPN) is visible in the logs.&nbsp;</P> Fri, 17 Jun 2022 08:08:44 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Checkpoint-Access-Role-not-being-matched/m-p/151123#M6741 Manuel_Schulz 2022-06-17T08:08:44Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Checkpoint-Access-Role-not-being-matched/m-p/151133#M6742 <P>I did some further testing. If i put a group from our ad in the ACR the permissions are granted.&nbsp;<BR />I think this is not the intendet purpose and there should be some configuration to change this behavoir.</P> Fri, 17 Jun 2022 09:51:25 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Checkpoint-Access-Role-not-being-matched/m-p/151133#M6742 Manuel_Schulz 2022-06-17T09:51:25Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Checkpoint-Access-Role-not-being-matched/m-p/151134#M6743 <P>Maybe this could help.<BR /><A href="https://community.checkpoint.com/t5/Security-Gateways/Access-Role-not-working/m-p/145830/highlight/true#M23059" target="_blank" rel="noopener">Hint from MattDunn</A>&nbsp;</P> Fri, 17 Jun 2022 09:57:48 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Checkpoint-Access-Role-not-being-matched/m-p/151134#M6743 Manuel_Schulz 2022-06-17T09:57:48Z