https://community.checkpoint.com/t5/Spark-Firewall-SMB/Issue-with-User-Awareness-Query-on-Check-Point-SMB-Locally/m-p/244800#M12331 <P>I am just test this option on internal firewall but it seem to not working.</P> Wed, 26 Mar 2025 11:02:13 GMT rozkie20 2025-03-26T11:02:13Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Issue-with-User-Awareness-Query-on-Check-Point-SMB-Locally/m-p/244779#M12324 <P>Hi Everyone,</P><P>We are currently configuring User Awareness on a Check Point SMB firewall with local management, but we are unable to query users from our Active Directory (AD) server.</P><P>We are using a non-administrator account and have modified the group permissions according to sk93938 (Using Identity Awareness AD Query without Active Directory Administrator privileges on Windows Server 2008 and higher).</P><P><STRONG>Troubleshooting Steps Taken:</STRONG><BR />We confirmed that the Gateway can ping the AD server.</P><P>The Gateway can access the AD server on port 389 (verified through firewall logs).</P><P>We also tested authentication using an Administrator account to rule out permission issues, but the problem persists.</P><P>Has anyone encountered this issue when using local deployment? Any insights would be greatly appreciated.</P><P>Thanks for reading!</P> Wed, 26 Mar 2025 09:26:49 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Issue-with-User-Awareness-Query-on-Check-Point-SMB-Locally/m-p/244779#M12324 rozkie20 2025-03-26T09:26:49Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Issue-with-User-Awareness-Query-on-Check-Point-SMB-Locally/m-p/244783#M12325 <P>Can you please specify model and firmware of the SMB ? Where is the AD situated, locally at site ?</P> Wed, 26 Mar 2025 10:00:59 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Issue-with-User-Awareness-Query-on-Check-Point-SMB-Locally/m-p/244783#M12325 G_W_Albrecht 2025-03-26T10:00:59Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Issue-with-User-Awareness-Query-on-Check-Point-SMB-Locally/m-p/244786#M12327 <P>Hi Albrecht,</P><P>We using CP 2000 series with firmware 81.10.15</P> Wed, 26 Mar 2025 10:08:03 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Issue-with-User-Awareness-Query-on-Check-Point-SMB-Locally/m-p/244786#M12327 rozkie20 2025-03-26T10:08:03Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Issue-with-User-Awareness-Query-on-Check-Point-SMB-Locally/m-p/244787#M12328 <P>Where is the AD situated, locally at site ?</P> Wed, 26 Mar 2025 10:09:21 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Issue-with-User-Awareness-Query-on-Check-Point-SMB-Locally/m-p/244787#M12328 G_W_Albrecht 2025-03-26T10:09:21Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Issue-with-User-Awareness-Query-on-Check-Point-SMB-Locally/m-p/244789#M12329 <P>We using AD server locally site with topo seem like this</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="z6428227472461_202cb78a60ce88927be9793caa2d1ccb.jpg" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/30027iB438152CB6471A94/image-size/medium?v=v2&amp;px=400" role="button" title="z6428227472461_202cb78a60ce88927be9793caa2d1ccb.jpg" alt="z6428227472461_202cb78a60ce88927be9793caa2d1ccb.jpg" /></span></P><P> </P> Wed, 26 Mar 2025 10:13:52 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Issue-with-User-Awareness-Query-on-Check-Point-SMB-Locally/m-p/244789#M12329 rozkie20 2025-03-26T10:13:52Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Issue-with-User-Awareness-Query-on-Check-Point-SMB-Locally/m-p/244793#M12330 <P>So the issue seems the internal firewall - did you enable IA there also and set it to Identity Sharing ?</P> Wed, 26 Mar 2025 10:26:05 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Issue-with-User-Awareness-Query-on-Check-Point-SMB-Locally/m-p/244793#M12330 G_W_Albrecht 2025-03-26T10:26:05Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Issue-with-User-Awareness-Query-on-Check-Point-SMB-Locally/m-p/244800#M12331 <P>I am just test this option on internal firewall but it seem to not working.</P> Wed, 26 Mar 2025 11:02:13 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Issue-with-User-Awareness-Query-on-Check-Point-SMB-Locally/m-p/244800#M12331 rozkie20 2025-03-26T11:02:13Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Issue-with-User-Awareness-Query-on-Check-Point-SMB-Locally/m-p/244849#M12334 <P>That will only work with gateways managed by the same management, which is not the case here since your SMB gateway is locally managed.<BR />I suspect you'll need a TAC case to understand why you're getting an internal error adding the AD server.</P> Wed, 26 Mar 2025 14:04:03 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Issue-with-User-Awareness-Query-on-Check-Point-SMB-Locally/m-p/244849#M12334 PhoneBoy 2025-03-26T14:04:03Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Issue-with-User-Awareness-Query-on-Check-Point-SMB-Locally/m-p/244854#M12335 <P>So one solution would be to put SMB GW under same management as internal GW...</P> Wed, 26 Mar 2025 14:21:41 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Issue-with-User-Awareness-Query-on-Check-Point-SMB-Locally/m-p/244854#M12335 G_W_Albrecht 2025-03-26T14:21:41Z