Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Hugo_vd_Kooij
Advisor

Checking LDAPS connections

I have a challenge of finding LDAPS traffic from 2 IP ranges and see if anything pops up on the firwall. Like  a stale session or ......

We have some undetermined authentication issues and I am not sure if the firewall is to blame of the hoster (being the LDAPS client) or the Domain server.

I know I am stuck to TCP analyses only as it is is SSL traffic. 

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
2 Replies
Vladimir
Champion
Champion

0 Kudos
Timothy_Hall
Legend Legend
Legend

Try turning on TCP state logging which will show you how the LDAPS connections are ending (gracefully/FIN, non-gracefully/RST, or timed out by firewall):

sk101221: TCP state logging

Can be easily enabled from the SmartConsole for R80+, on R77.30 or earlier it has to be done from the gateway command line.

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events