796570686578
Collaborator

Mobile Access setup, failing to integrate AD

Hey everyone,

In a lab environment I am trying to set up Mobile Access with AD Integration so I can test some configurations for a customer.

I set up a Gateway and Management Server using R81.20 and Jumbo Hotfix Take 26. I also have an AD Controller on a different subnet. (See my professional drawing of the topology in the attachments.)

Mgmt: 172.16.101.10

FW: 172.16.101.30 & 172.16.102.30

DC: 172.16.102.100

 

Now to the actual problem:

I open the Firewall Object in Smart Console -> check "Mobile Access" -> select allowed clients to connect -> Active Directory Integration.

Now in the Active Directory Integration I specify all the required parameters:

- Domain Name

- Username

- Password

- Domain Controller

and then hit Connect. After some time I get an error message saying "Smart Dashboard could not connect - Could not communicate with server".

Now I have obviously checked the following:

- Configured Firewall Rule to allow any traffic to and from DC

- Necessary routes are in place

- No NAT rules

- I can ping between MGMT and DC without any issues

- No relevant Logs in Smart Dashboard

- Performed a tcpdump on the Management Server and the Firewall on all interfaces; there is no traffic to my DC (172.16.102.100) at all?!?!

 

Now what is interesting, I configured an LDAP Account Unit Object for the same DC and it works without any issues...

 

Now I am pretty much at a loss as to why it is not working. Do you have any ideas on what my issue might be?

 

Thanks!

 

0 Kudos
5 Replies
G_W_Albrecht
Legend

0 Kudos
796570686578
Collaborator

Thanks, will check it out!

0 Kudos
796570686578
Collaborator

So I checked the SKs you mentioned.

  • test_ad_connectivity test -> Success

(
        :status (SUCCESS_LDAP_WMI)
        :err_msg ("ADLOG_SUCCESS;LDAP_SUCCESS")
        :ldap_status (LDAP_SUCCESS)
        :wmi_status (ADLOG_SUCCESS)
        :timestamp ("Wed Oct 18 14:09:57 2023")
)

  • adlog a dc -> can't test this since I am not able to configure the DC for AD Query
  • ldapsearch -> Success

 

I just don't understand why these tests work, why I can configure the Account Unit, but it does not work when configuring a Blade like Mobile Access or Identity Awareness...

0 Kudos
G_W_Albrecht
Legend

Better contact TAC to get this resolved!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
796570686578
Collaborator

I was able to get it to work. The VM of my Management Server and AD also had an Interface on a different Subnet which acted as a Management Interface. This was also the Primary IP of my Management Server and once I integrated AD via the IP on that Interface, it worked on the first try...

0 Kudos
