This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have one, create one now for free!
nflnetwork29
Advisor
‎2022-05-24 02:22 PM

Checkpoint Access Role not being matched

Hello I have setup remote access vpn and using office mode + SAML Authentication (Azure Ad) 

In my policy I created 1 ACL to allow traffic thru the VPN to my inside networks. My "Source" value is my access role. This Access role includes my Azure Active Directory Group.  

 

My traffic is hitting the cleanup rule . It's not being matched . 

 

If i change my source to 'any" - traffic is matched . 

 

I've narrowed it down the access role being the issue . 

 

Does anyone have a sample configuration I could look at?

Labels
0 Kudos
3 Replies
Manuel_Schulz
Explorer
a week ago

Are there any news about this topoc.
We have a lab firewall with the same setup and the same problem. We are on 81 Take 68.
The authentication is working but the ACR is only matching if we define "Any identified User". The Username (UPN) is visible in the logs. 

0 Kudos
Manuel_Schulz
Explorer
a week ago

I did some further testing. If i put a group from our ad in the ACR the permissions are granted. 
I think this is not the intendet purpose and there should be some configuration to change this behavoir.

0 Kudos
Manuel_Schulz
Explorer
a week ago
In response to Manuel_Schulz

Maybe this could help.
Hint from MattDunn 

0 Kudos