This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jaroslaw_Pietra
Participant
‎2018-08-10 12:44 PM

700 and Azure AD

Hi,

I am looking for some tutorial how to setup Active Directory on Azure and then connect device 700 for Identity Awareness.

I have already created AD on Azure, but I have no clue how to connect from 700 to this AD. I can see the External IP for this domain created, but when I try to use it I get message Connect to server failed: Unknown error.

Definitely I am missing something and tutorial or list of steps would help me.

cheers

yaric

3 Replies
G_W_Albrecht
Legend Legend
Legend
‎2018-08-13 03:35 AM

Did you try the steps from Check Point 600/700 Appliances Administration Guide R77.20.80 p. 154 ?

To add an Active Directory domain:

1. In the Active Directory section, click New.

The Add new Domain window opens.

2. Enter this information:

Domain - The domain name.

IP address - The IP address of one of the domain controllers of your domain.

Note - 600 appliances only support IPv4 addresses. 700 appliances support both IPv4 and IPv6 servers.

User name - The user must have administrator privileges to ease the configuration process and create a user based policy using the users defined in the Active Directory.

Password - The user's password. You cannot use these characters when you enter a password or shared secret: { } [ ] ` ~ | ‘ " # + \

User DN - Click Discover for automatic discovery of the DN of the object that represents that user or enter the user DN manually. For example: CN=John James,OU=RnD,OU=Germany,O=Europe,DC=Acme,DC=com

3. Select Use user groups from specific branch only if you want to use only part of the user database defined in the Active Directory. Enter the branch in the Branch full DN in the text field.

4. Click Apply.

When an Active Directory is defined, you can select it from the table and choose Edit or Delete when necessary.

When you edit, note that the Domain information is read-only and cannot be changed.

When you add a new Active Directory domain, you cannot create another object using an existing domain.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Jaroslaw_Pietra
Participant
‎2018-08-14 08:05 AM

Thanks Günther for your answer. Obviously I read it. I think something I am missing on Azure side that connection is not getting established. That's the reason I asked for some tutorial on setup both sides Azure and 700.

However I have other domain set it up already on Synology device (it's not MS). But when I try to connect I get an error: "Stronger connection required" on Checkpoint device. Any advise here?

0 Kudos
Pedro_Espindola
Advisor
‎2018-08-14 09:54 AM

Hello Jaroslaw,

I have asked about this in this here: User Awareness with Azure AD on locally managed SMB

User awareness connects with a Windows Server with Active Directory service, which is not the case of the Azure AD service. You would need to add support for LDAP in the Azure AD service in some way. I don't know if there is an additional (paid) service which will support this.

I have not found a solution for this issue yet.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events