This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Matlu
MVP Silver
MVP Silver
‎2023-09-13 04:49 PM

AD user connection by IA blade using IDC

Hello,

A query, when using the IA blade with the IDC (Identity Collector).

With which commands can I see if a user appears "registered" in the GW?

I understand that there are commands like "pdp monitor..." is this correct?

For example I have a user "rchapin", who already logged in with his network credentials, and I want to see if he appears in the GW.
Any useful commands?

Now, a question related to this, if a user, manages to "log in" with his network credentials, this should appear in the 2 members of a Cluster?

Or is it only seen on the active member of a Cluster?

Greetings.

0 Kudos
12 Replies
the_rock
MVP Platinum
MVP Platinum
‎2023-09-13 05:28 PM

Hey bro, you can use pdp monitor, hit enter and it will give you options. Ie say user is matlu. command is pdp monitor user matlu

Andy

Best,
Andy
0 Kudos
Matlu
MVP Silver
MVP Silver
‎2023-09-13 05:32 PM
In response to the_rock

Andy,

When an AD user logs in to the network, should this user be seen in both members of your cluster?

Or should the user only be seen on the active member?

For example, my user "matlu", if I have a Cluster, the "pdp monitor user matlu", must be seen in both members of the Cluster, in a mandatory way?

Regards

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-09-13 05:33 PM
In response to Matlu

Not 100% certain on that, but I believe only current active member, will check tomorrow.

Best,
Andy
0 Kudos
Matlu
MVP Silver
MVP Silver
‎2023-09-13 05:53 PM
In response to the_rock

Ok, my friend.

Anyway, this question is related to the fact that I had a punctual problem with a user, that at a certain moment "could not" log in to the network, and we only visualize his "log" in the CLI of the active member of the Cluster, but not in the passive member.

Apart from the above, we observed the following log.

IA.png

It gives us the impression, that it has something to do with the AD, a responsibility of the AD itself, that probably, by an update in the same one, this user, at a certain moment, could not log in.

What do you think?

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-09-13 06:02 PM
In response to Matlu

I guess thats logical...you could always try pdp update all command and test.

Best,
Andy
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-09-14 04:50 AM
In response to Matlu

Just checked bro and I only saw output on current active member.

Andy

Best,
Andy
0 Kudos
Matlu
MVP Silver
MVP Silver
‎2023-09-14 10:19 AM
In response to the_rock

Andy,

I guess this behavior is normal, in a ClusterXL (Active-Passive) environment.

But it seems that in an environment that you use the ClusterXL in a "Load Sharing - Unicast" mode, the validation of a network user, is done on the 2 members of the Cluster (This is what I am validating right now).

I have a customer, who has configured the Cluster, in Load Sharing mode, and I really don't understand why they decided to implement it that way.

Is it that Load Sharing offers more "stability" than a traditional Cluster?

Regards.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-09-14 10:21 AM
In response to Matlu

I suppose in load sharing, it would make sense to see it on both members. Personally, I would never deploy LS cluster, seen it before in production have so many issues.

Just my personal opinion.

Best,
Andy
0 Kudos
Matlu
MVP Silver
MVP Silver
‎2023-09-14 10:49 AM
In response to the_rock

Sorry,

I just rechecked the 2 clusters.

The ClusterXL in "Active-Passive" mode, the network user, appears to me in the 2 cluster members.

The ClusterXL in "Load-Sharing_Unicast" mode, the network user, does not appear in any of the 2 cluster members.

I am validating the user with the command "pdp montitor user <username>", but in the Cluster in LS mode, the user does not appear, in none of the 2 members.

LS1.png

It seems too strange to me.

I don't know if it could be a problem of the Cluster mode type 😕

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-09-14 10:54 AM
In response to Matlu

I would call TAC and maybe get remote going, hard to say why it fails.

Best,
Andy
0 Kudos
Matlu
MVP Silver
MVP Silver
‎2023-09-14 04:49 PM
In response to the_rock

Hello,

We had a session with the TAC, but without achieving a solution so far.

The problem so far is focused on 1 user.

This user does "appear" in our Cluster-1, but does not appear in Cluster-2.

We checked the IDC, and although the user was no longer in working hours, we wanted to check his logs, and the only thing we found is a log that is related to the year 2022.

It is very strange.

A doubt, the logs that you see in the IDC, are they only in real time?
Or for example, can you see the logs of "logueo" of yesterday, or 1 week ago?

Greetings.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-09-14 06:33 PM
In response to Matlu

I believe its only in real time.

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events