This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Wolfgang
Authority
Authority
‎2023-06-07 11:57 AM

rule with access role does not match

central managed SMB gateway (1570, Smart-1 cloud), LDAP-Account unit with enabled ad-proxy feature.

We can browse the local ActiveDirectory and create access roles with AD groups. For remote access we create a rule with the access role as source. Users can authenticate with their AD accounts successful, but connections to internal resources are dropped. Changing the source to „any“ everything is working fine.

On the gateways Identity Awareness settings only remote access is enabled. I think this should be enough, we need access roles only for remote access. But it looks like the users are not identified.

Any ideas?

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2023-06-12 08:05 AM

Remember that "groups" come from LDAP and the gateway itself needs to be able to talk to the relevant LDAP server to retrieve them.
Have you checked this?

Wolfgang
Authority
Authority
‎2023-06-13 12:34 AM
In response to PhoneBoy

Yes, this works. We are using the same gateway as AD-proxy and we have no problem discovering the AD via this AD-proxy and adding users from AD to the accessrole.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-06-13 10:51 AM
In response to Wolfgang

I suspect AD Proxy and pdp are occurring through different code paths.
Did you actually check on the SMB gateway itself that it can reach LDAP and is making the appropriate LDAP queries? 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events