Re: Problem with rules (user groups) IC

Gacki · ‎2023-09-07

Hello,

for some time now I have had a problem with rules for user groups that are downloaded from AD via the identity collector. It does not load the user with all groups in which it is added.
And because of this, some rules do not work properly.

Example
The user is added to the checkpoint_onedrive group in AD, the same is done at checkpoint, but unfortunately the user does not fall into this rule. This group is not visible in the console using the pdp monitor user command.

What may be the problem?

PhoneBoy · ‎2023-09-08

What version/JHF level?
Do you have LDAP Account Units created?
Have you confirmed the gateways are able to connect to the AD server to perform the necessary group queries?

Gacki · ‎2023-09-10

Release: R81.10 T335

Kernel build: 996000036
FW1 build: 996000035
FW1 private fixes: HOTFIX_R81_10_JUMBO_HF_MAIN
HOTFIX_GOT_TPCONF_AUTOUPDATE
HOTFIX_PUBLIC_CLOUD_CA_BUNDLE_AUTOUPDATE
HOTFIX_R80_40_MAAS_TUNNEL_AUTOUPDATE

Do you have LDAP Account Units created?

yes

Have you confirmed the gateways are able to connect to the AD server to perform the necessary group queries?

Yes,we have

PhoneBoy · ‎2023-09-11

Is it getting any groups at all, or just not that specific one?
You might need to engage with the TAC to investigate: https://help.checkpoint.com

Are you a member of CheckMates?

Problem with rules (user groups) IC