
Identity awareness - groups from AD


We have issues with Identity Awareness on Checkpoint firewalls R80.10. We are using Terminal Servers for Citrix users. Users are correctly authenticated on AD but they are not receiving all AD groups.

For example:

I should be in 8 groups on AD but in the output from pdp monitor all on gateway (on active cluster member) I can see only 5 AD groups and thus I don't have access to some systems. It looks like Checkpoint ignores several groups/roles. Configuration on AD is correct.

Could you please help me with this issue? Why does Checkpoint ignore some AD groups?

Thank you

Best regards,



Hello Tomas, 

The groups visible in "pdp m a" are the groups which are part of an access role. Do all the groups appear in the access roles?

Additional options are:

1. That some of the groups are nested too deep or the groups are nested but the nesting is disabled. 

2. The groups are part of a foreign domain. 

If the first option is not the case, I suggest opening a TAC ticket to assist in checking that all is configured as required.


Tzvi Katz - IDA & Access Clients GM 

