for Identity Awareness we are using Active Directory. As we use 2 factor authentication for VPN, the users are not recognized as the AD-Users only as Users of a Radius Group. So the rules made for these Users are not matching.
I do not know how to match these Users.
Also if the user is also an Administrator and needs sometimes access to Systems that are not in his default user rule he has to Identify as another user on the IA Portal. But this would be a rare problem.
Apart from that I don't know how to put an explicit RADIUS User in a Rule without defining the User in the Checkpoint Firewall.
I have made a Service Request. So we will see if there is a better aproach.