cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Checking LDAPS connections

I have a challenge of finding LDAPS traffic from 2 IP ranges and see if anything pops up on the firwall. Like  a stale session or ......

We have some undetermined authentication issues and I am not sure if the firewall is to blame of the hoster (being the LDAPS client) or the Domain server.

I know I am stuck to TCP analyses only as it is is SSL traffic. 

0 Kudos
2 Replies
Vladimir
Pearl

Re: Checking LDAPS connections

0 Kudos

Re: Checking LDAPS connections

Try turning on TCP state logging which will show you how the LDAPS connections are ending (gracefully/FIN, non-gracefully/RST, or timed out by firewall):

sk101221: TCP state logging

Can be easily enabled from the SmartConsole for R80+, on R77.30 or earlier it has to be done from the gateway command line.

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com