This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
G_W_Albrecht
Legend Legend
Legend
‎2018-12-06 02:59 AM
Jump to solution

SMB Remote Access AD users

A customer reported that after updating the firmware from R77.20.75 to R77.20.8x on locally managed 730, RA VPN clients could no longer authenticate with AD credentials as the SMB GW did not communicate with the AD anymore. It needed an adjustment for different parsing of OUs in AD - but i could find no documentation or remark about this. Did anyone experience the same issue ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
1 Solution

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend
‎2018-12-06 06:41 AM
Jump to solution

Customer explained that he originally had restricted the AD to a branch containing all windows user groups needing RA VPN access.

Now he had to use a OU branch containing also users from the AD VPN group.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
6 Replies
Mike_A
Advisor
‎2018-12-06 04:20 AM
Jump to solution

Gunther,

We had this issue, it seemed to link with the firmware upgrade but in our instance it was related to the upgrade of the MDS from R77.30 to R80.10. LDAP (TCP389/636) was not sent across the tunnel but observed being sent out the WAN interface on the SMB device. After following sk92281 we were able to fix our issue. 

G_W_Albrecht
Legend Legend
Legend
‎2018-12-06 04:50 AM
In response to Mike_A
Jump to solution

That is surely a different issue and not connected to implied rules.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Mike_A
Advisor
‎2018-12-06 04:58 AM
In response to G_W_Albrecht
Jump to solution

You are correct. I saw the "clients could no longer authentication with AD" and immediately thought of the issue we had. Sorry to muddy the water. 

0 Kudos
Pedro_Espindola
Advisor
‎2018-12-06 05:08 AM
Jump to solution

Local or central management?

G_W_Albrecht
Legend Legend
Legend
‎2018-12-06 05:39 AM
In response to Pedro_Espindola
Jump to solution

Cought me red-handed  - locally managed, i added that to the question...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-12-06 06:41 AM
Jump to solution

Customer explained that he originally had restricted the AD to a branch containing all windows user groups needing RA VPN access.

Now he had to use a OU branch containing also users from the AD VPN group.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    In-Person

    Tue 25 Mar 2025 @ 09:00 AM (EDT)

    Canada In-Person Cloud Security with Hands-On CloudGuard Workshops!
    In-Person

    Tue 25 Mar 2025 @ 12:00 PM (MDT)

    Salt Lake City: CPX 2025 Recap
    In-Person

    Tue 08 Apr 2025 @ 12:00 PM (MDT)

    Denver: CPX 2025 Recap
    CheckMates Events
    Top