This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
lesmona
Participant
‎2025-09-05 12:29 AM
Jump to solution

Identity Awareness randomly loosing identitys

Hello everyone, I use Identity Awareness on all our gateways. We get the identities from the Identity Collector, which I installed on each domain controller. Most locations have only one DC. The problem I'm having is at the main site. I have three domain controllers with three Identity Collectors there. It's working quite well so far, but unfortunately, sometimes individual users lose their identity. From one second to the next. I then see in the log that only the IP address is displayed and no longer the username! I've attached a screenshot of the log. In this example, the user "Emanuel" suddenly loses his "identity." This is, of course, extremely unfortunate, since our rules are based entirely on Identity Awareness. I checked in the CLI whether the gateway still recognizes the user and has the correct IP assignment. Result: Yes, everything is still there. The IP address matches the username. Nevertheless, as you can see, he falls into a drop rule. I suspect it's a timeout issue. Perhaps an idle timeout? I just can't find a way to increase the timeout. Or am I on the wrong track and do you have another solution? Thank you very much for your help.
Preview file
97 KB
0 Kudos
1 Solution

Accepted Solutions
lesmona
Participant
‎2025-09-08 07:11 AM
In response to the_rock
Jump to solution

sorry :  pdp control sync

 

View solution in original post

11 Replies
PhoneBoy
Admin
Admin
‎2025-09-05 10:20 AM
Jump to solution

Without knowing more about your environment, which includes:

  • Version/JHF of gateways and management
  • Version of Identity Collector
  • The relationship between Identity Collector, Active Directory, and Gateways

It's hard to know where to start on this.
The actual log in/out events, which are shown in the screenshot provided, should be reviewed to see if they provide any clues.
You will need to see the full log card. 

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-09-07 12:21 PM
Jump to solution

This is the IA debug TAC gave me while back, so you can definitely run it and see if it helps. I do agree with Phoneboy that we need full log details, just blour out any sentisive data.

Andy

debugs:

 

# cd $FWDIR/log
# rm pdpd.elg.*
# echo "=debug_start=" >> $FWDIR/log/pdpd.elg
(•) To turn pdp debug on:
# adlog a d on
# pdp debug on
# pep debug on
# pdp debug set all all
(•) Replicate the issue
(•) To turn them off:
# adlog a d off
# pdp debug unset all all
# pdp debug off
# pep debug off
# pdp d reset
# pep d unset all all
Collect debug:
$FWDIR/log/pdpd.elg
# tar zcvf pdpd_debugs.tgz pdpd.elg*
# tar zcvf pepd_debugs.tgz pepd.elg*

0 Kudos
lesmona
Participant
‎2025-09-08 07:04 AM
In response to the_rock
Jump to solution

Hello everyone,
I've learned something new: the "pdp control sync" command fixes my problem, and it works again immediately. Now, of course, the question is why the database isn't replicating properly in the cluster system with R81.20 Take 113. Are there any settings or something similar?

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-09-08 07:06 AM
In response to lesmona
Jump to solution

Just tried it on both R81.20 and R82. but get below...

Andy


[Expert@CP-FW-01:0]# pep control sync
Command: root->control
Unknown option: sync

Available options:
portal_dual_stack - portal dual stack (IPv4 and IPv6) support
extended_info_storage - should the PEP store extended identities info for debugging or not
tasks_manager - the task manager menu
kbuf_cache - Kbuf cache configuration
gbuf_cache - Gbuf cache configuration
identity_cache_mode - Identity Cache mode configuration

[Expert@CP-FW-01:0]#

0 Kudos
lesmona
Participant
‎2025-09-08 07:11 AM
In response to the_rock
Jump to solution

sorry :  pdp control sync

 

the_rock
MVP Gold
MVP Gold
‎2025-09-08 07:12 AM
In response to lesmona
Jump to solution

Thats better : - )


[Expert@CP-FW-01:0]# pdp control sync
a sync message will be sent to relevant gateways
[Expert@CP-FW-01:0]#

0 Kudos
lesmona
Participant
‎2025-09-09 12:29 AM
In response to the_rock
Jump to solution

 
I have to manually initiate the sync every now and then. Is there a way to check why this is happening? I can't do this manual sync multiple times a day when it should happen automatically.
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-09-09 03:22 AM
In response to lesmona
Jump to solution

How often though?

Andy

0 Kudos
lesmona
Participant
‎2025-09-09 04:39 AM
In response to the_rock
Jump to solution

today like 10 times.

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-09-09 04:41 AM
In response to lesmona
Jump to solution

That is not normal, for sure. I would open TAC case to investigate.

0 Kudos
PhoneBoy
Admin
Admin
‎2025-09-09 08:13 AM
In response to lesmona
Jump to solution

Running the command periodically via cron might be a good idea in the short term while you investigate the issue with TAC,

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events