This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tomas_Kolek
Explorer
‎2018-08-06 01:09 AM

Identity awareness - groups from AD

Hello,

we have issues with Identity Awareness on Checkpoint firewalls R80.10. We are using Terminal Servers for Citrix users. Users are correctly authenticated on AD but they are not receiving all AD groups. 

For example:

I should by in 8 groups on AD but in the output from pdp monitor all  on gateway (on active cluster member) I can see only 5 AD groups and thus I don't have access to some systems. It looks like Checkpoint ignores several groups/roles. Configruation on AD is correct. 

Could you please help me with this issue? Why Checkpoint ignores some AD groups? 

Thank you

Best regards,

Tomas

0 Kudos
1 Reply
Tzvi_Katz
Employee
Employee
‎2018-08-06 01:42 AM

Hello Tomas, 

The groups visible in "pdp m a" are the groups which are part of an access role. Does all the groups appear in the access roles? 

Additional options are:

1. That some of the groups are nested too deep or the groups are nested but the nesting is disabled. 

2. The groups are part of a foreign domain. 

If the first option is not the case I suggest to have a TAC ticket to assist in check that all is configured as required. 

Regards, 

Tzvi Katz - IDA & Access Clients GM 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top