Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

Checking LDAPS connections

I have a challenge of finding LDAPS traffic from 2 IP ranges and see if anything pops up on the firwall. Like  a stale session or ......

We have some undetermined authentication issues and I am not sure if the firewall is to blame of the hoster (being the LDAPS client) or the Domain server.

I know I am stuck to TCP analyses only as it is is SSL traffic. 

0 Kudos
Reply
2 Replies
Champion
Champion

0 Kudos
Reply
Champion
Champion

Try turning on TCP state logging which will show you how the LDAPS connections are ending (gracefully/FIN, non-gracefully/RST, or timed out by firewall):

sk101221: TCP state logging

Can be easily enabled from the SmartConsole for R80+, on R77.30 or earlier it has to be done from the gateway command line.

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

Gaia 3.10 Immersion Self-paced Video Series
now available at http://www.maxpowerfirewalls.com