https://community.checkpoint.com/t5/Spark-Firewall-SMB/Active-directory-user-base-policies-are-not-working/m-p/229006#M11556 <P>Which AD server do you use? (which version)</P> Sun, 06 Oct 2024 10:08:51 GMT Dafna 2024-10-06T10:08:51Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Active-directory-user-base-policies-are-not-working/m-p/228985#M11551 <P>The Active Directory user-based policies are not working in the local managed firewall, although the user groups from Active Directory are displaying correctly and syncing properly. When I apply a policy to the Active Directory user group, the rule does not work; only IP-based rules are functioning. What could be the cause of this issue? I have attached an image showing the error in the user awareness session.</P> Sun, 06 Oct 2024 04:32:00 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Active-directory-user-base-policies-are-not-working/m-p/228985#M11551 yasindu 2024-10-06T04:32:00Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Active-directory-user-base-policies-are-not-working/m-p/228990#M11552 <P>Which firmware version/build is used and are you using this with the Identity Collector??</P> <P>You may need to investigate the issue further with TAC note also&nbsp;<SPAN>sk105977.</SPAN></P> Sun, 06 Oct 2024 05:16:48 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Active-directory-user-base-policies-are-not-working/m-p/228990#M11552 Chris_Atkinson 2024-10-06T05:16:48Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Active-directory-user-base-policies-are-not-working/m-p/228993#M11553 <P>Hi,</P> <P>Which version do you use?</P> <P>Can you please attach screenshot of the access rule?</P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp; &nbsp;Dafna</P> Sun, 06 Oct 2024 05:30:36 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Active-directory-user-base-policies-are-not-working/m-p/228993#M11553 Dafna 2024-10-06T05:30:36Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Active-directory-user-base-policies-are-not-working/m-p/228994#M11554 <P>Hi,</P><P>Thank you for replying. This is a Check Point 1570 security appliance, and the firmware version is R81.10.10. I have attached the access rules. According to the image, only the traffic matching rule number 5 is being processed; the other rules above it are being bypassed. Additionally, this firewall is not using an identity collector.</P> Sun, 06 Oct 2024 06:56:49 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Active-directory-user-base-policies-are-not-working/m-p/228994#M11554 yasindu 2024-10-06T06:56:49Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Active-directory-user-base-policies-are-not-working/m-p/228995#M11555 <P>Hi,</P><P>Thank you for the replying. Firmware version is&nbsp;<SPAN>R81.10.10 and this firewall not using identity collector. Only apply policies from user groups in active directory.</SPAN></P> Sun, 06 Oct 2024 06:58:47 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Active-directory-user-base-policies-are-not-working/m-p/228995#M11555 yasindu 2024-10-06T06:58:47Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Active-directory-user-base-policies-are-not-working/m-p/229006#M11556 <P>Which AD server do you use? (which version)</P> Sun, 06 Oct 2024 10:08:51 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Active-directory-user-base-policies-are-not-working/m-p/229006#M11556 Dafna 2024-10-06T10:08:51Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Active-directory-user-base-policies-are-not-working/m-p/229007#M11557 <P>Hi,</P><P>Windows Server 2016 active directory.</P> Sun, 06 Oct 2024 10:19:34 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Active-directory-user-base-policies-are-not-working/m-p/229007#M11557 yasindu 2024-10-06T10:19:34Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Active-directory-user-base-policies-are-not-working/m-p/229026#M11558 <P>What it he method of the user auth?</P> <P><A href="https://support.checkpoint.com/results/sk/sk178604" target="_blank">https://support.checkpoint.com/results/sk/sk178604</A></P> <P><EM>Bear in mind: Identity Agent is not supported on 1500, 1600, and 1800 Quantum Spark Appliances.</EM></P> <P><EM>On a Locally Managed appliances, there is no Identity Awareness option to add Active Directory (AD) users/ Organization Units inside the source column in policy rules. There is an Identity Awareness option to add Active Directory (AD) groups, but not to add specific users. The&nbsp;<STRONG>Users</STRONG>&nbsp;tab on the left contains only internal users, which are not from Active Directory. See&nbsp;<A href="https://support.checkpoint.com/results/sk/sk105977" target="_blank" rel="noopener">sk105977</A>.</EM></P> <P>Akos</P> Mon, 07 Oct 2024 06:12:31 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Active-directory-user-base-policies-are-not-working/m-p/229026#M11558 AkosBakos 2024-10-07T06:12:31Z