CheckMates > Products > Quantum > Remote Access VPN
AD Query in Remote Access connection
We migrated from R80.30 to R80.40. In R80.30, Remote Access used AD Query information; now the information is not processed.
The AD Query is working fine for the other contexts, but it's not applied to the VPN connection.
In the PDPd and PEPd logs I can see the AD connection for the machine in the VPN, but I think it's not processed by Identity Awareness.
[25387 4059584320]@CPFW01[24 Mar 9:15:20] [TRACKER]: #40148 -> INCOMING -> ADQUERY_ASSOCIATION ->
Association
ip: 10.18.172.35
user:
machine: d580-55931
domain: interno.trt18.jus.br
reason: 0
In the PDPd log I found this:
[25387 4059584320]@CPFW01[24 Mar 9:15:20] [SESSION_UTILS (TD::Events)] pdp::PDPSessionConciliation::shouldOverrideSuperSessionByPriority: existing super session 6bd521f4 office mode IP score (1) > new association office mode IP score (0) - reject new association
Is there a way for Identity Awareness to use AD Query data in a Remote Access connection?
Thanks in advance!
Remote Access clients don't require AD Query because we're authenticating the user directly.
However, it needs to be enabled as an identity source on the gateway object (it's not by default).
Thank you, I have already enabled Remote Access as a source. The login is fine; what I want is the AD Query information, when it is available.
What’s happening is explained here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Specifically “Some identity sources such as Identity Agent, Terminal Server, Captive Portal, and Remote Access VPN cannot be appended to others. In these cases, the conciliation decision is only override or reject.”
Note this is new behavior as of R80.40.
Not 100% sure you can change this; a TAC case will be required.
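The log lines quoted in the original post and the conciliation rule PhoneBoy points to are easier to evaluate across a whole pdpd log than one line at a time. The following Python helper is an added example written for this page, not Check Point code: it parses pdpd TRACKER lines in the layout shown above, collects the multi-line ADQUERY_ASSOCIATION record that follows, and pairs it with the shouldOverrideSuperSessionByPriority verdict logged afterwards, so that associations rejected in favour of an existing Remote Access super session can be listed (for example, as evidence for a TAC case). The sample log is constructed from the thread's lines plus one extra record (10.18.172.36) invented to show an association with no verdict logged; the line layouts and the generic decision word are assumptions based only on what this page shows (only "reject" appears here).

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input, modelled on the pdpd lines quoted in the thread. The second
# association (10.18.172.36) is invented to show a record without a conciliation verdict.
SAMPLE_LOG = """\
[25387 4059584320]@CPFW01[24 Mar 9:15:20] [TRACKER]: #40148 -> INCOMING -> ADQUERY_ASSOCIATION ->
Association
ip: 10.18.172.35
user:
machine: d580-55931
domain: interno.trt18.jus.br
reason: 0
[25387 4059584320]@CPFW01[24 Mar 9:15:20] [SESSION_UTILS (TD::Events)] pdp::PDPSessionConciliation::shouldOverrideSuperSessionByPriority: existing super session 6bd521f4 office mode IP score (1) > new association office mode IP score (0) - reject new association
[25387 4059584320]@CPFW01[24 Mar 9:16:05] [TRACKER]: #40151 -> INCOMING -> ADQUERY_ASSOCIATION ->
Association
ip: 10.18.172.36
user: example.user
machine: d580-55932
domain: interno.trt18.jus.br
reason: 0
"""

# "[pid tid]@host[timestamp] rest" prefix shared by every timestamped pdpd line
HEADER_RE = re.compile(r'^\[(?P<pid>\d+) (?P<tid>\d+)\]@(?P<host>[^\[]+)\[(?P<ts>[^\]]+)\] (?P<rest>.*)$')
TRACKER_RE = re.compile(r'\[TRACKER\]: #(?P<seq>\d+) -> (?P<direction>\w+) -> (?P<event>\w+) ->')
# Conciliation verdict; the decision word is captured generically (assumption: only "reject" is on this page)
CONCIL_RE = re.compile(
    r'shouldOverrideSuperSessionByPriority: existing super session (?P<session>[0-9a-f]+) '
    r'office mode IP score \((?P<existing>\d+)\) > new association office mode IP score '
    r'\((?P<new>\d+)\) - (?P<decision>[a-z]+) new association')
# "key: value" lines of the multi-line Association record (value may be empty, as for "user:")
FIELD_RE = re.compile(r'^(?P<key>ip|user|machine|domain|reason):\s*(?P<value>.*)$')


@dataclass
class AdQueryAssociation:
    timestamp: str
    host: str
    ip: str = ''
    user: str = ''
    machine: str = ''
    domain: str = ''
    reason: str = ''
    # Filled from the conciliation line that follows the record, when one is logged
    decision: Optional[str] = None
    super_session: Optional[str] = None
    existing_score: Optional[int] = None
    new_score: Optional[int] = None


def parse_pdpd_log(text: str) -> List[AdQueryAssociation]:
    """Return every ADQUERY_ASSOCIATION record in the log, with its verdict if one was logged."""
    records: List[AdQueryAssociation] = []
    current: Optional[AdQueryAssociation] = None  # record whose field lines are being read
    for raw in text.splitlines():
        line = raw.rstrip()
        header = HEADER_RE.match(line)
        if header:
            rest = header.group('rest')
            tracker = TRACKER_RE.search(rest)
            if tracker and tracker.group('event') == 'ADQUERY_ASSOCIATION':
                current = AdQueryAssociation(timestamp=header.group('ts'), host=header.group('host'))
                records.append(current)
                continue
            concil = CONCIL_RE.search(rest)
            # The verdict is attached to the most recent record that has none yet
            if concil and records and records[-1].decision is None:
                rec = records[-1]
                rec.decision = concil.group('decision')
                rec.super_session = concil.group('session')
                rec.existing_score = int(concil.group('existing'))
                rec.new_score = int(concil.group('new'))
            current = None  # any other timestamped line ends the multi-line record
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            setattr(current, field.group('key'), field.group('value'))
    return records


def rejected_associations(records: List[AdQueryAssociation]) -> List[AdQueryAssociation]:
    """Associations the PDP dropped because an existing super session outranked them."""
    return [r for r in records if r.decision == 'reject']


def describe(rec: AdQueryAssociation) -> str:
    """One-line summary suitable for a report or ticket."""
    who = rec.user or rec.machine or '?'
    verdict = rec.decision or 'no conciliation verdict logged'
    text = f"{rec.timestamp} {rec.host}: AD Query association {rec.ip} -> {who} ({rec.domain}): {verdict}"
    if rec.decision == 'reject':
        text += (f"; kept super session {rec.super_session} "
                 f"(office mode IP score {rec.existing_score} > {rec.new_score})")
    return text


if __name__ == '__main__':
    for record in parse_pdpd_log(SAMPLE_LOG):
        print(describe(record))
```

Run it against a real pdpd log by replacing SAMPLE_LOG with the file contents; a record that carries a verdict of reject with an existing office mode IP score higher than the new one is exactly the R80.40 behaviour described in this thread, where the Remote Access super session cannot be appended to and the AD Query association is dropped.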
Hi PhoneBoy,
Old post, but I am in a similar situation. Then do you mean that Remote Access clients authenticate directly against the AD and not through AD Query, which uses WMI to look into the Active Directory Security Event Logs?
Regards,
Julián