FrodeHK
Participant

Identity Awareness and Azure AD. Rules not hitting and not seeing identities in logs

Hello,


We are in the process of setting up Identity Awareness with Azure AD. Earlier, we used IA with AD on-prem with great success, but we have now "moved" many of our PCs and users to Azure AD. We have followed the admin guide and this video: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_IdentityAwareness_AdminGuide/Topic...

Unfortunately, we don't see any identities in the logs, and we are not able to get any hits on the access rules we are testing against.

We are using the same layered rule that we have used with IA and AD on-prem, and have added the access role group to the access rule/layer which contains our Azure AD group (and test user), but when testing from a computer, the layered access rule does not get any hits. 

The test user within the access role group does not hit rule 38, but hits rule 39 further down:

[Image: rules.png]

Rule 38 is supposed to allow the users in the access role group access to some external URLs, while blocking the rest of the internet.

We have connection OK from SmartConsole to Azure AD:

[Image: connectionOK.png]

And we're able to pick both groups and users from Azure AD in our Access Role Group:

[Image: user-group.png]

The admin guide didn't specify that we had to add users to the Enterprise Application in Azure AD, but we have also tested that in an effort to get this to work:

[Image: AAD-usersAndGroups.png]

Any suggestions as to what we might have missed during our setup?

(HTTPS inspection is enabled on the network we are testing from)

BR,

FrodeHK

13 Replies