Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
rkucera
Explorer

Identity Awareness - IDC Problems

Hi,

we have been using Identity Awareness for a long time now. In the past we always used Identy Agents and had different problems with them ( most likely rather client based problems). A while ago we started using Identity Collectors on our AD servers. Basically this works quite well for us, but we have the situation several times a week that different users are not authenticated. Often I see that the ID Collector at the AD recognizes the user but this information does not reach the gateways. Only when I restart the pepd and pdpd service at the gateway will it work again.

Has anyone had a similar problem and knows why they occure?

 

Our Infrastructure:

2 Checkpoint GWs (Version: R80.30 Take 76)

2 AD Servers with IDC Version: 80.87.0000

Both IDC report Identities to both Gateways and the GWs are configured to share the identities between them

 

Best Regards

Rene

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

Probably best to get the TAC involved.
Also tagging @Royi_Priov 

0 Kudos
Royi_Priov
Employee
Employee

Hi Rene,

 

It will indeed require further investigation.

However, as a first step, I would recommend checking where the issue resides and provide this extra info to TAC.

Type the following commands on both PDP and PEP to see where the identity is known:

# pdp m u <PROBLEMATIC USERNAME>

or alternatively:

# pdp m ip <PROBLEMATIC IP>

 

and on the PEP side:

# pep sh u q cid <PROBLEMATIC IP>

or alternatively:

# pep sh u q usr <PROBLEMATIC USERNAME>

 

In addition to the above outputs, please provide TAC:

1. cpinfo from both PDP and PEP (if these are different machines)

2. log files:

$FWDIR/log/pdpd.elg*

$FWDIR/log/pepd.elg*

 

Thanks,

Royi Priov.

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
0 Kudos
Alex_Sykes
Participant

Hi Rene,

Did you get a fix from TAC for this as we're experiencing similar issues?

Many thanks
Alex
0 Kudos
MartinTzvetanov
Advisor

Hello,

 

Any updates here?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events