
Checkpoint Access Role not being matched

Hello, I have set up remote access VPN and am using Office Mode + SAML authentication (Azure AD).

In my policy I created 1 ACL to allow traffic through the VPN to my inside networks. My "Source" value is my access role. This access role includes my Azure Active Directory group.


My traffic is hitting the cleanup rule. It's not being matched.


If I change my source to "any", traffic is matched.


I've narrowed it down to the access role being the issue.


Does anyone have a sample configuration I could look at?

0 Kudos
3 Replies

Is there any news about this topic?
We have a lab firewall with the same setup and the same problem. We are on 81 Take 68.
The authentication is working but the ACR is only matching if we define "Any identified User". The Username (UPN) is visible in the logs. 

0 Kudos

I did some further testing. If I put a group from our AD in the ACR, the permissions are granted.
I think this is not the intended purpose and there should be some configuration to change this behavior.

0 Kudos

Maybe this could help.
Hint from MattDunn 

0 Kudos

