Jonathan
Collaborator

user details from MAB don't propagate to other blades

Hi,

We have two gateways, one behind the other. Let's call them FrontGW and BackGW.

Users connect from home to FrontGW using SSLVPN and identify with an ActiveDirectory username.

They need to have RDP access to a server that is behind the BackGW.

On the FrontGW we configured a Native Application that allows RDP access to the server and created a rule based on Identity Awareness.

On the BackGW I want to allow access also based on Identity Awareness, but in the logs I see the BackGW doesn't recognize the username, only the FrontGW does.

What am I missing here?

Thanks

Timothy_Hall
Legend

1) Make sure the "Remote Access" checkbox is set on the IA screen of the FrontGW gateway/cluster object

2) On the IA...Identity Sharing screen make sure "Share local identities with other gateways" is checked on FrontGW, and that "Get Identities from other gateways" is checked and configured on BackGW

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Jonathan
Collaborator

Thanks Timothy, the "Get Identities from other gateways" checkbox was really missing. 

Now I see the usernames in the logs from the BackGW.

However, now for some reason the BackGW ignores the access rule I created using an Access Role object with the same user, and drops the traffic on the cleanup block rule.

Needless to say, if I create the access rule using an IP address it works.

Jonathan
Collaborator

Well, apparently, after enabling the "Get identities..." on the BackGW, it stopped processing IA from terminal servers we have with agents installed.

In the checkpoint logs I didn't see any data in the Source User column.

Only after disabling the "Get identities" feature on the BackGW and pushing policy on both GWs was the problem resolved.

TS agents are configured to access the BackGW, so I don't see why there should be any conflict.

PhoneBoy
Admin

What release are you running?
