Vincent_Bacher
Advisor

R80.10 - Identity sharing question

Hello Mates,

We are just upgrading a bunch of R77.30 gateways to R80.10.

Now we have detected that the gateways connect to almost all other gateways for identity sharing.

We just enabled identity sharing on some chosen gateways because we don't want and need sharing between all gateways.

Is anybody facing this behavior as well, or does anybody know if there is any way to make the gateways connect to just the pdp/pep server we have connected in the cluster object/identity sharing?

best
Vincent

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
5 Replies
Gaurav_Pandya
Advisor

Hi Vincent,

You can select the Gateways between which Identity information is shared. Below are the steps.

You can refer to the URL below for more information.

https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_IdentityAwareness_AdminGuide...

0 Kudos
Vincent_Bacher
Advisor

Hello,

I am familiar with how to configure that.

As I mentioned, identity sharing is disabled on almost all gateways but they are connected nevertheless.

Best
Vincent

0 Kudos
John_Parnell
Participant

The PDP should show connected to the PEP on all the other gateways in a single domain, regardless of identity sharing being turned on or not. Identity sharing should only be turned on on the appliance that is collecting the logins, so as to prevent duplicates, which can lead to orphaned objects in the PEP table.

0 Kudos
Vincent_Bacher
Advisor

This sounds conclusive. Thanks a lot.

Viele Grüße / best regards

Vincent Bacher

0 Kudos
Tzvi_Katz
Employee

Hi Vincent, Gaurav,

If the change of behavior of sharing occurred without any change in the sharing setup and the definitions, then I suggest opening a TAC and requesting that it be escalated to a CFG task. We had recently identified a situation where, under some conditions, a gateway shares identities to other than the selected gateways, but it is not a degradation and the same behavior exists in R77.X as well.

Maybe a change of settings made as part of the introduction of R80.10 to the environment amplified the issue.

Regards, 

Tzvi Katz - Identity awareness R&D group manager.
