
Identity awareness - groups from AD

Hello,

We have issues with Identity Awareness on Checkpoint firewalls R80.10. We are using Terminal Servers for Citrix users. Users are correctly authenticated on AD but they are not receiving all AD groups.

For example:

I should be in 8 groups on AD but in the output from "pdp monitor all" on gateway (on active cluster member) I can see only 5 AD groups and thus I don't have access to some systems. It looks like Checkpoint ignores several groups/roles. Configuration on AD is correct.

Could you please help me with this issue? Why does Checkpoint ignore some AD groups?

Thank you

Best regards,

Tomas

Employee+

Re: Identity awareness - groups from AD

Hello Tomas, 

The groups visible in "pdp m a" are the groups which are part of an access role. Do all the groups appear in the access roles?

Additional options are:

1. That some of the groups are nested too deep or the groups are nested but the nesting is disabled. 

2. The groups are part of a foreign domain. 

If the first option is not the case, I suggest having a TAC ticket to assist in checking that all is configured as required.

Regards, 

Tzvi Katz - IDA & Access Clients GM
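
The checks listed in the reply above can be run offline against an export of the user's AD memberships before opening a ticket. The following is an added example, not part of the original thread and not Check Point code: it walks the nesting graph and labels each expected-but-missing group with the candidate causes from the reply. All group names, domains, and the `max_depth` value of 3 are constructed assumptions; the thread does not state the gateway's actual nesting limit.

```python
from collections import deque

def group_depths(direct_groups, member_of):
    """BFS over memberOf edges; direct membership has depth 1."""
    depths = {g: 1 for g in direct_groups}
    queue = deque(direct_groups)
    while queue:
        group = queue.popleft()
        for parent in member_of.get(group, ()):
            if parent not in depths:  # also stops on circular nesting
                depths[parent] = depths[group] + 1
                queue.append(parent)
    return depths

def triage(expected, seen, direct_groups, member_of, role_groups,
           user_domain, group_domain, nesting_enabled=True, max_depth=3):
    """Map each expected-but-missing group to the reply's candidate causes."""
    depths = group_depths(direct_groups, member_of)
    report = {}
    for group in sorted(set(expected) - set(seen)):
        reasons = []
        if group not in role_groups:
            reasons.append("not in any access role")
        depth = depths.get(group)
        if depth is None:
            reasons.append("user is not a member in AD")
        elif depth > 1 and not nesting_enabled:
            reasons.append("nested, but nesting is disabled")
        elif depth > max_depth:  # max_depth is an assumed limit
            reasons.append(f"nested at depth {depth} (limit {max_depth})")
        if group_domain.get(group, user_domain) != user_domain:
            reasons.append("foreign domain")
        report[group] = reasons or ["unexplained, collect for TAC"]
    return report

# Constructed sample data: 8 expected groups, 5 seen on the gateway.
DIRECT = ["Citrix-Users", "VPN-Users", "HR-App", "Fin-Team", "Dev-Team", "Partners"]
MEMBER_OF = {"Fin-Team": ["Fin-Reports"], "Dev-Team": ["Eng"],
             "Eng": ["Tech"], "Tech": ["Lab-Access"]}
SEEN = ["Citrix-Users", "VPN-Users", "HR-App", "Fin-Team", "Fin-Reports"]
EXPECTED = SEEN + ["Dev-Team", "Lab-Access", "Partners"]
ROLE_GROUPS = set(EXPECTED) - {"Dev-Team"}
GROUP_DOMAIN = {"Partners": "partner.example"}  # others default to user's domain

REPORT = triage(EXPECTED, SEEN, DIRECT, MEMBER_OF, ROLE_GROUPS,
                "corp.example", GROUP_DOMAIN)

if __name__ == "__main__":
    for name, why in REPORT.items():
        print(f"{name}: {', '.join(why)}")
```

A group that comes back with no matching cause is the case the reply says to take to TAC.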