Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
saulosouza
Explorer

AD Query in Remote Access connection

We migrate from R80.30 to R80.40. In R80.30 Remote Access uses AD Query information, now the information is not processed.

The AD Query is working fine for the other contexts, but it's not applied to VPN connection.

In PDPd and PEPd logs I can see the AD connection for the machine in the VPN, but I think it's not processed by the identity Awareness.

[25387 4059584320]@CPFW01[24 Mar 9:15:20] [TRACKER]: #40148 -> INCOMING -> ADQUERY_ASSOCIATION ->
Association
ip: 10.18.172.35
user:
machine: d580-55931
domain: interno.trt18.jus.br
reason: 0

In the PDPd log I found this:

[25387 4059584320]@CPFW01[24 Mar 9:15:20] [SESSION_UTILS (TD::Events)] pdp::PDPSessionConciliation::shouldOverrideSuperSessionByPriority: existing super session 6bd521f4 office mode IP score (1) > new association office mode IP score (0) - reject new association


Is there a way for identity awareness to use AD Query Data in Remote Access connection? 

Thanks in advance!

(1)
4 Replies
PhoneBoy
Admin
Admin

Remote Access clients don't require AD Query because we're authenticating the user directly.
However, it needs to be enabled as an identity source on the gateway object (it's not by default).

saulosouza
Explorer

Thank you, I have already enabled Remote access as a source. The login is fine, what I want is the information of AD query, when is available. 

PhoneBoy
Admin
Admin

What’s happening is explained here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Specifically “Some identity sources such as Identity Agent, Terminal Server, Captive Portal, and Remote Access VPN cannot be appended to others. In these cases, the conciliation decision is only override or reject.”
Note this is new behavior as of R80.40.
Not 100% sure you can change this, a TAC case will be required.

fjulianom
Advisor

Hi PhoneBoy,

 

Old post but I am in a similar situation. Then do you mean that Remote Access clients authenticate directly against the AD and not through AD Query which uses WMI to look into Active Directory Security Event Logs?

 

Regards,

Julián

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events