nflnetwork29
Advisor

Checkpoint Access Role not being matched

Hello, I have set up remote access VPN and am using Office Mode + SAML authentication (Azure AD).

In my policy I created 1 ACL to allow traffic through the VPN to my inside networks. My "Source" value is my access role. This access role includes my Azure Active Directory group.

My traffic is hitting the cleanup rule. It's not being matched.

If I change my source to "any", traffic is matched.

I've narrowed it down to the access role being the issue.

Does anyone have a sample configuration I could look at?

3 Replies
Manuel_Schulz
Explorer

Is there any news about this topic?
We have a lab firewall with the same setup and the same problem. We are on 81 Take 68.
The authentication is working, but the ACR is only matching if we define "Any identified User". The username (UPN) is visible in the logs.

Manuel_Schulz
Explorer

I did some further testing. If I put a group from our AD in the ACR, the permissions are granted.
I think this is not the intended purpose, and there should be some configuration to change this behavior.

Manuel_Schulz
Explorer

Maybe this could help.
Hint from MattDunn 
