This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
minhhaivietnam
Collaborator
‎2021-11-17 12:29 AM

Column "source user name" does not show anything in Logview

Hello experts,

 

I am running R81 with blade Identity Awareness.

I enabled this blade , and connect successfully to LDAP server. Then I create access-role (get user from LDAP), and put it in the policy rule like this:

role1.png

 

But when I log in  into PC with above account (hai2), then I access to some-where. In the logview, (colum Source User Name) it does not show anything about my access-role 

11111.png

 

Please help me; thank all!

0 Kudos
9 Replies
Ruan_Kotze
MVP Gold
MVP Gold
‎2021-11-17 02:17 AM

Two things spring to mind:

1. Can you confirm that the users are actually matching the policy you created
2. Make sure "hide user identities" is not enabled in SmartView

0 Kudos
minhhaivietnam
Collaborator
‎2021-11-17 02:47 AM
In response to Ruan_Kotze

Hi Ruan,

Yes, I confirm I use exactly user name (which put in rule) to login PC (192.168.1.100). 

"hide user identities" => I haven't known where it is, but when I show pdp like this : It said that no information found!

[Expert]# pdp monitor ip 192.168.1.100 ==>(IP of PC I use above)
no information was found for 192.168.1.100

I dont know why 

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2022-10-31 07:04 AM

Apologies for responding for old thread, but I have same issue with a customer. I have no clue what to even look for, as IA blade is configured properly, all the settings were verified, but we are totally puzzled as to why "source user name" does not show anything.

Best,
Andy
0 Kudos
Vladimir
Champion
Champion
‎2022-10-31 10:47 AM
In response to the_rock

I suggest checking if the Successful Logon events are being logged on domain controllers. i think those are event numbers 4624.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2022-10-31 10:52 AM
In response to Vladimir

Its Azure AD, so not 100% certain how it works on that end : - (

Best,
Andy
0 Kudos
Vladimir
Champion
Champion
‎2022-11-01 09:19 AM
In response to the_rock

Have you seen this post:

https://community.checkpoint.com/t5/Security-Gateways/Identity-Awareness-using-Azure-AD/td-p/84940

 

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2022-11-01 09:21 AM
In response to Vladimir

We have call with CP on this soon, so lets hope we fix it, will update : - )

Best,
Andy
0 Kudos
mattiaadon
Explorer
‎2023-01-23 07:20 AM
In response to the_rock

Hi,

do you have some news about that?

Please let me know, because I have this kind of problem with a customer firewall.

Thank you!

0 Kudos
minhhaivietnam
Collaborator
‎2023-06-18 06:01 PM
In response to mattiaadon

Hi bro,

I re-install blade Indentity Awareness, and select account which have domain admin right, then it works. Good luck.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events