Di_Junior
Silver

LDAP groups in Remote Access VPN Rules

Dear Mates

I have been searching around, and so far I have not been able to find an answer to the issue that I am facing.

I have currently migrated our VPN solution to Check Point RA VPN, but I am having an issue when it comes to creating rules for remote access users. Each group has permissions to access different machines remotely, so I have requested the creation of specific LDAP groups to be used for remote access.

Unfortunately, when I use an LDAP group in the Source field of the policy, users are not able to authenticate. The authentication only works when I select the option "All Account Unit's Users".

Any idea on how this issue could be overcome, or a workaround perhaps?

Thanks in advance

6 Replies
Vladimir
Pearl

Re: LDAP groups in Remote Access VPN Rules

Try using Access Roles instead of the LDAP group and select the desired AD group under the "Users" section of the role:

Di_Junior
Silver

Re: LDAP groups in Remote Access VPN Rules

Hi Vladimir,

When I try that I get the following error during policy verification:

"Firewall and Address Translation Policy Verification:
Verifier warnings: Rule 32: Only User Groups are allowed as Source in VPN and Client Authentication Rules"

Note: I am still using R77.30.

Thanks

Danny
Pearl

Re: LDAP groups in Remote Access VPN Rules

Since you are still using R77.30, which you should have mentioned in your first post, you need to remove the RemoteAccess VPN group from the VPN column.

Di_Junior
Silver

Re: LDAP groups in Remote Access VPN Rules

Hi Danny,

Thanks for your contribution, and sorry about not mentioning until later that I am using R77.30.

I would like to know why you suggested to remove the RemoteAccess VPN group from the VPN column, since I want the users to connect using the Remote Access Community.

Thanks once again

Rick_Rodrix
Nickel

Re: LDAP groups in Remote Access VPN Rules

Hi there!

I have the same issue. 

I've added an access role with an AD user in a firewall rule with "any traffic" in "VPN", but I can't connect using "Endpoint Security".

In SmartLog I receive the following message from the Mobile Access blade: "User does not belong to the Remote Access Community."

System version R77.30

Endpoint Security E80.80.
