Harmesh_Yadav
Collaborator

After Upgrading R81 LDAPS communication stops working

Dear Team,

We have MGMT at HO location (VM), which we have recently upgraded from R80.30 to R81.

We have also upgraded some branch location Security Gateways to R81 from R80.30.

Hub and Spoke topology - Star VPN was working properly earlier, and after R81 we are sometimes getting disconnection issues.

Also, I want to create a user-based policy and want to add a user group in an Access Role, for which I am getting an error.

I am enabling LDAPS and trying to fetch the certificate but getting an error:

"Faild to connect to LDAP server connection failed"

We can see traffic from MGMT to the server up to the Branch Gateway; after that we are not getting traffic, and in the log VPN encryption is showing but decryption is not showing.

Please give us an idea if anyone has the same issue.

Regards,

Harmesh Yadav

9978440755

 

 

Harmesh Yadav
0 Kudos
2 Replies
Harmesh_Yadav
Collaborator

Dear Team,

I am waiting for your reply; it will be very helpful.

Harmesh Yadav
0 Kudos
Gabe_Flynn
Explorer

I know this is late, but as I recently ran across the issue after an upgrade, I wanted to share what I found to fix my LDAPS issue.

After upgrading to R80.40 from R80.10 I was no longer able to fetch the fingerprints from the LDAPS servers.

Looking in the logs, the connection attempt from the SMS to the remote LDAP servers was not being sent across the site-to-site VPN. Instead, it was being NAT'd out to the public IP address and attempting to reach the private IP address of the remote LDAP server.

It turns out, the LDAP service was hitting the implied rule for routing and never making it to the explicit rule to use the VPN connection. This is by design and can be changed using the SK and references below.

***** The change does not survive a major upgrade. *****

 

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

0 Kudos