Application Control "Active Directory" not matching
Hello,
We have a new setup (migration from another vendor) and I am segmenting AD traffic into "Client" and "Server" VLANs. I have created a simple Inline Layer and added the "Active Directory" application group, but I get no match on LDAP UDP 389 - so basically as soon as a machine tries to join the domain it fails. I then explicitly added the UDP 389 Service and it matches immediately within the same Inline Layer rule.
I have "Applications and URL Filtering" enabled on the Layers, but it just will not match for me. This is a fairly clean new R80.40 setup and the first rule we have used an Application definition in.
No Identity checking etc - just a simple group of Networks for Source and 3 x AD Servers for Destination.
My fix has been to just add all the required Services explicitly to the Inline Layer rule, and I had to take out the "Active Directory" group.
Any ideas or suggestions would be really helpful.
Thanks a mil
Hugh
That might be worth a TAC case since UDP 389 should be included in the "Active Directory" application definition.
As phoneboy said, maybe a TAC case would be a good idea. Did you confirm whether UDP 389 is indeed part of the group you added?
Andy
Thanks all. Yes, I double checked everything, as I just couldn't figure it out and thought I must be missing something or that the Inline Rule wasn't working as expected. Initially I had the "Active Directory" Application Group in the Parent rule, so I moved that to the Inline rule, but the same occurred. As soon as I added UDP 389 explicitly it worked. I ended up just adding all the Active Directory Services explicitly rather than testing to see if it was just an issue with UDP 389 - at that stage I had a colleague on the Domain side testing so many times that I just wanted it working.
Appreciate the replies. Will let you know how it goes.
Thanks, Hugh
Hi, did you happen to talk to TAC about this? I have the exact same thing now (R81.10): UDP/389 traffic is not hitting my "Active Directory" application, while TCP/389 is working fine, among others.
