topic Re: 700 and Azure AD in Spark Firewall (SMB)

700 and Azure AD

Jaroslaw_Pietra — Fri, 10 Aug 2018 19:44:39 GMT

Hi,

I am looking for some tutorial how to setup Active Directory on Azure and then connect device 700 for Identity Awareness.

I have already created AD on Azure, but I have no clue how to connect from 700 to this AD. I can see the External IP for this domain created, but when I try to use it I get message Connect to server failed: Unknown error.

Definitely I am missing something and tutorial or list of steps would help me.

cheers

yaric

Re: 700 and Azure AD

G_W_Albrecht — Mon, 13 Aug 2018 10:35:25 GMT

Did you try the steps from Check Point 600/700 Appliances Administration Guide R77.20.80 p. 154 ?

To add an Active Directory domain:

1. In the Active Directory section, click New.

The Add new Domain window opens.

2. Enter this information:

• Domain - The domain name.

• IP address - The IP address of one of the domain controllers of your domain.

Note - 600 appliances only support IPv4 addresses. 700 appliances support both IPv4 and IPv6 servers.

• User name - The user must have administrator privileges to ease the configuration process and create a user based policy using the users defined in the Active Directory.

• Password - The user's password. You cannot use these characters when you enter a password or shared secret: { } [ ] ` ~ | ‘ " # + \

• User DN - Click Discover for automatic discovery of the DN of the object that represents that user or enter the user DN manually. For example: CN=John James,OU=RnD,OU=Germany,O=Europe,DC=Acme,DC=com

3. Select Use user groups from specific branch only if you want to use only part of the user database defined in the Active Directory. Enter the branch in the Branch full DN in the text field.

4. Click Apply.

When an Active Directory is defined, you can select it from the table and choose Edit or Delete when necessary.

When you edit, note that the Domain information is read-only and cannot be changed.

When you add a new Active Directory domain, you cannot create another object using an existing domain.

Re: 700 and Azure AD

Jaroslaw_Pietra — Tue, 14 Aug 2018 15:05:30 GMT

Thanks Günther for your answer. Obviously I read it. I think something I am missing on Azure side that connection is not getting established. That's the reason I asked for some tutorial on setup both sides Azure and 700.

However I have other domain set it up already on Synology device (it's not MS). But when I try to connect I get an error: "Stronger connection required" on Checkpoint device. Any advise here?

Re: 700 and Azure AD

Pedro_Espindola — Tue, 14 Aug 2018 16:54:20 GMT

Hello Jaroslaw,

I have asked about this in this here: User Awareness with Azure AD on locally managed SMB‌

User awareness connects with a Windows Server with Active Directory service, which is not the case of the Azure AD service. You would need to add support for LDAP in the Azure AD service in some way. I don't know if there is an additional (paid) service which will support this.

I have not found a solution for this issue yet.