This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AshleyM
Participant
‎2020-04-21 07:16 AM
Jump to solution

Identity Awareness (AD Query) not applying Identities in Rulebase

Hello,

I'm looking at an issue with Identity awareness AD Query. From looking at the CPview, pdpd & pepd debug files I can see that identities are being gathered and stored on the gateway; PDP monitor has confirmed this. On the central management server, I am able to create access roles with the correct AD account set within & add them to the rulebase. However when testing the rule, my traffic hits the cleanup rule and is skipping the AD rule I have set. 

I am struggling to understand why this is happening as the gateway has knowledge of each AD user and associated IP address, as far as I can see all the required services are up. The gateway is also actively receiving events from multiple domain controllers.

Gateway is R80.20 Take 19 IAAS Azure

Management is R80.30 

Is anybody able to point me in the right direction?

Labels
0 Kudos
1 Solution

Accepted Solutions
AshleyM
Participant
‎2020-09-23 04:46 AM
In response to PhoneBoy
Jump to solution

Hi,

 

I went back over the LDAP configuration again & found that the information in the LDAP account was correct. However when I took a look at the access roles in use I found they were pointing towards another LDAP account present on the management server, once I changed it to the new LDAP account I had created it started working. I'm now in the process of removing the obsolete LDAP accounts from the management server.

 

Thanks all for your help.

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2020-04-21 11:40 AM
Jump to solution

Have you verified the LDAP portion of the config is correct and working?
This is needed to correctly associate users with their groups, and thus their access roles.
0 Kudos
AshleyM
Participant
‎2020-04-22 07:19 AM
In response to PhoneBoy
Jump to solution

Thanks for your response @PhoneBoy , yes I believe it is all correct and working. The Account used is a domain administrator & I can see the AD user information such as group membership is being pulled through, both when adding users to access roles on the management server & when running a PDP monitor on the gateway.

It looks like all the required information is present on the gateway but just not being used.

0 Kudos
David_C1
Advisor
‎2020-04-22 07:31 AM
In response to AshleyM
Jump to solution

Have you verified the pepd daemon is running?

Here a couple useful commands to test if pepd is doing its job

#pep show stat – shows basic status of PEP

#pep show pdp all – shows status of PDPs

#pep show user query usr <username> – shows identity status of single user. Useful to confirm that the PEP has received identity data from PDP.

#pep show user query cid <IP address> – shows identity status of single IP address

Dave

 

 

0 Kudos
AshleyM
Participant
‎2020-09-23 04:46 AM
In response to PhoneBoy
Jump to solution

Hi,

 

I went back over the LDAP configuration again & found that the information in the LDAP account was correct. However when I took a look at the access roles in use I found they were pointing towards another LDAP account present on the management server, once I changed it to the new LDAP account I had created it started working. I'm now in the process of removing the obsolete LDAP accounts from the management server.

 

Thanks all for your help.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events