This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
MarkWeber
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2021-12-09 04:43 AM

Unable to deactivate Active Directory Query

Hi Experts,

From the very first beginning Active Directory Query is configured using the Mobile Access Wizard.

Nowadays I’am using the Identity Collector and want to get rid of the Active Directory Query configuration and the LDAP Account unit (checkpoint.lab__AD).

When I open the LDAP account unit and open the open “Where Used” I see it’s only used in the gateway configuration.

 

MarkWeber_0-1639053785154.jpeg

On the gateway object the option “Active Directory Query” is greyed out, so I cannot deactivate this option.

MarkWeber_1-1639053785159.jpeg

 

MarkWeber_2-1639053785162.png

When I open the settings and removing the LDAP Account Unit (checkpoint.lab__AD) and click OK, the following warning is displayed.

MarkWeber_3-1639053785163.png

 

And when clicking OK

MarkWeber_4-1639053785166.jpeg

Domain to query is not selected will be displayed, so there is no option to deactivate Active Directory Query at this point..

Any suggestions how to deactivate Active Directory Query?????

I have tried several options but without success…..

 

0 Kudos
8 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2021-12-09 06:23 AM

If you disable the IA blade and then enable it again, the Mobile Access Wizard will let you enable IA without AD Query.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
MarkWeber
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2021-12-09 06:31 AM
In response to G_W_Albrecht

No, it is in the wizard also greyed out

 

ID Wizard.jpg

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2021-12-09 07:01 AM
In response to MarkWeber

There is probably still a reference to the AU object in the Mobile Access Blade in the SmartDashboard; I don't think Where Used will show references in the legacy SmartDasboard so I suspect that's why it is greyed out everywhere in SmartConsole.  Try poking around in the legacy SmartDashboard.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2021-12-12 05:53 PM
In response to MarkWeber

I had that exact issue before and I solved it by removing some IA references in guidbedit for AD Cant recall what, but will update if I find out.

Best,
Andy
0 Kudos
MarkWeber
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2021-12-12 11:29 PM
In response to the_rock

Thanks!! 

0 Kudos
PhoneBoy
Admin
Admin
‎2021-12-12 03:52 PM

@Royi_Priov 

0 Kudos
Royi_Priov
Employee
Employee
‎2021-12-13 01:11 AM

Hi @MarkWeber ,

This happens probably since you have Identity Logging enabled on the "Management" Tab.

Royi_Priov_1-1639386387216.png

 

Identity Logging is basically same as AD Query, but running on the mgmt side to enrich the management logs, without any enforcement abilities.

As for your specific issue, please disable Identity Logging on the mgmt tab first, and afterwards disable AD Query.

 

A general note for all Identity Awareness customers which are using AD integration such as AD Query and Identity Collector: there is no need to enable Identity Logging in addition to that. One of the Identity Awareness targets is anyhow enrich the management logs, together with enforcing traffic according to identities. It means, in other words, that ADQ / IDC will do logging + enforcement while Identity Logging is doing only logging.

Thanks,
Royi Priov
R&D Group manager, Infinity Identity
0 Kudos
MarkWeber
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2021-12-13 01:19 AM
In response to Royi_Priov

Hi Royi,

You're the EXPERT!!! That was the solution, disabled the Identity Logging feature and now I'am able to disable AD Query.

Thanks a lot.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events