This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sanjay_S
Advisor
‎2019-10-04 02:23 AM

Identity Awareness for Remote Access Users

Hi All,

We have enabled Identity Awareness blade yesterday, This has been enabled mainly for the Remote Access VPN users. I am able to fetch the details from AD and created the Access role for the specific group in the AD and provided ANY access for that particular group. But it doesn't seem to be working. User able to connect to Remote Access(Ex: User Bob logs in to RA i can see the identity awareness blade shows the login and logout details but the problem is it is not hitting the Any rule configured. So the users are not able to have complete access which they required. Please let me know how to proceed further on this.

 

Below are the details:

GW: R77.30 Take 225

MDS: R80.10 Take 121

 

Let me know if you need anymore details on this.

Thank you in advance.

 

4 Replies
FedericoMeiners
Advisor
‎2019-10-04 05:49 AM

Hello,

First of all make sure that Identity Awareness blade is active on your firewall.

Please look into the logs and see which rule is hitting that access. You can also use packet mode to test your policy: Packet mode 

___

 

____________
https://www.linkedin.com/in/federicomeiners/
Nick_Doropoulos
Advisor
‎2019-10-12 10:41 AM

Hello,

Based on the information you have provided, I would try to identify the firewall rule that does match the interesting traffic. You could achieve that by doing either of the following:

- Consult the logs on the manager

- Run fw ctl zdebug | grep <ip address of the remote acess user you test with> on the gateway and see what policy is dropping the traffic

Failing the above, you can place the Identity Awareness firewall rule right at the top of the rule base just for testing purposes and try again.

Once you have done the above, please share with us your findings along with the error encountered on the client side if any.

I hope this helps.

Maarten_Sjouw
Champion
Champion
‎2019-10-13 10:29 AM

Could it be that you have a desktop policy that does not allow the traffic, in other words is the traffic reaching the gateway at all?
Regards, Maarten
Sanjay_S
Advisor
‎2019-10-31 07:30 AM
In response to Maarten_Sjouw

Hi All,

We found the issue, we should have communication from our jump server from where we manage the smart console to the customer AD. After getting the access allowed from Jump server to customer AD on all High Ports the IA blade started working as expected. Thank you all for looking into it and suggesting.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events