Hello and thank you in advance.
We have a problem: we have Check Point gateways that are now managed by the same cloud.
Let's say we have Check Point A and B now.
The AD (LDAP) server is located on A site now.
A and B sites just had a VPN community connection and we did confirm no communication error between sites.
At least, those Site B hosts can access the Site A LDAP for Domain authentication at the moment.
We set up "Identity Awareness" on the Site A Check Point and there is nothing outstanding; everything works well.
We then tried to use the same configuration for the Site B Check Point to connect to the same AD over the VPN.
It reported a connectivity issue and said the Site B Check Point has NO connection to the remote site server.
Why?
Version/JHF level?
Do you have identity sharing enabled between the gateways?
How are identities acquired? (AD Query, Identity Collector, or?)
Version/JHF level?
The latest.
Do you have identity sharing enabled between the gateways?
Should be no.
How are identities acquired? (AD Query, Identity Collector, or?)
Just want to find an AD user name from the log.
Below is the error message, FYI.
This requires configuring Identity Awareness, which you are apparently trying to do.
For this to work, you must be running R80.20 and above and configure one of the gateways as an Active Directory proxy.
The same AD and Identity Awareness are just working for my 192.168.1.1 site.
The 192.168.10.X Check Point is not working... I have no idea how to make the 192.168.10.X Check Point use the right route and source interface to reach the AD...
Based on the route debug and traceroute, I found that it goes out to the internet rather than over the VPN to the AD...
Note that even though you did not explicitly configure it, the gateway is always included in the Encryption Domain.
However, you need to ensure the rules permit this traffic.
The traffic will probably come from the gateway's external IP, which is expected.
I even tried a rule permitting any source to any destination, and it still does not work for me.
I also checked the KB; it seems the 1500 series does not support having a local connection to AD.
But it seems that using another gateway managed by the same SMS (we are on Smart-1 Cloud) to share the AD is OK.
Might I know if you manipulate it also? I would like to know the steps to configure it.
You can't use an SMB gateway as an AD proxy.
That is an RFE.
If you have a non-SMB gateway that is managed by the same AD server that also has access, you configure it per the docs I linked above.
So, there is no way for the 1570 to connect to the AD via VPN / proxy now?
Correct, there is no way to do it with just SMB gateways.
Sorry, it seems I missed one thing.
We are using a 6000 formal Gaia OS gateway for the A site.
Only the B site uses the 1570.
Is there any chance to have AD connected in this case?
The AD proxy is needed so Smart-1 Cloud can query your on-premise AD server.
Like I said previously, you need to configure Identity Sharing between the two gateways.
Please review the documentation I linked above.
Can your AD server accept LDAP requests on port 389?
If not, that also is a known limitation: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...