This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alexander_Baue1
Contributor
‎2019-01-22 04:05 AM

LDAP and Role

Hello together

 I have the following Situation Chechpoint 8.10 in a Cluster Configuration, all Traffic is working fine.
The was LDAP configured in the Past to conennct to 5 different Windows Domain Controller All Domain Controller are in sysnc and on the Entered in the Firewall.

We check all the Connection include (Fetch) and we get no Issue. So what is the Problem ?
On the Log we can see normaly IP Address and the current User based on LDAP and Windows on a Role.
But for some Users the is no Entry just Empty, only the IP Address is visible.

Permission is not read no Access to the Destination.
For other Users in the same Windows Group it works, the come from a other Subnet.
And other Users on a different Subnet we have the same Issue.

Any Idear.

best regars

Alexander

0 Kudos
9 Replies
Alessandro_Marr
Advisor
‎2019-01-22 04:08 AM

do you have http inspection active?

0 Kudos
Alexander_Baue1
Contributor
‎2019-01-22 04:15 AM
In response to Alessandro_Marr

Hi Alessandro

I assume that you mean HTTPS Inspection Trust, finally not, all the Traffic of Source and Destination is inside on different Zones.

The current Configuration was imported from a Cisco PXI.

Yesterday we found out that on the 3rd. Firewall who is not part on the Cluster Identity Awareness is enabled , we remove the

Because some Users are connect to this Firewall, and not to the Cluster.

Best regards

Alexander

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2019-01-22 04:19 AM

Do you have the recent GA Jumbo Take 169 installed ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Alexander_Baue1
Contributor
‎2019-01-22 04:30 AM
In response to G_W_Albrecht

Hi

Have to check no remote access at the Moment.

Best regards

Alexander

0 Kudos
Alessandro_Marr
Advisor
‎2019-01-22 04:41 AM

is client machine a windows OS ? if yes, could you try just lock and unlock that machine and check if show user identity on log?

If your Domain controller has a short rotate event log you could be losting events of logon. 

are you using AD query or identity collector?

0 Kudos
Alexander_Baue1
Contributor
‎2019-01-22 04:52 AM
In response to Alessandro_Marr

Hi Alessandro

Just to come back, there is no role working on the Environment who show us the Computer name and the User Name, only Computer name will be displayed.

But if we, create a new Policy and searching for the can Browse the Active Directory and see all Object.

What I think is that he place first the Network Object on the Policy and the next Policy is using the Role.

So if the Policy with the Network Object is match, why should he check the Policy with the Role.

Sorry have to come back tomorrow.

No access at the moment.

0 Kudos
Alexander_Baue1
Contributor
‎2019-01-25 12:52 AM
In response to Alessandro_Marr

Hello together

We have some news ☹

First the Issue is only with two Users in the same Group, other Users in the same Groups are working.

What did we do we add the missing Windows Domain Controller (total 5) to the LDAP Configuration, Result we can see now all Users from a other Location

who are not visible before. Remark have nothing to do with the Issue himself.

We change the Settings to read the LDAP Server from the Firewall himself (existing Object as Zone) to the to the real Name of the Servers (Host Object).

What did we assume the Firewall can read the LDAP Server because we have Hits on the Policy.

Test if User 1 is connected with PC 1 hi is not visible on the Log.

If the same User change to PC2 and log in we can see a Part of his Name in the Log Example Alex.B and not Alexander, Bauer.

Did we see in the Log the Display Name of the User from the Active Directory ?

Best regards

Alexander

0 Kudos
Alessandro_Marr
Advisor
‎2019-01-25 02:44 AM
In response to Alexander_Baue1

Both PCs is on same domain, correct?

on each PC open a prompt and type the command "set", looking for line with LOGONSERVER and confirm if is the same DC.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events