This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
marcinw
Contributor
‎2022-02-17 01:41 AM

Identity Awareness secondary DC in remote location

Hi

 

I have lab, diagram below. On both gateways Identity Awareness is configured, however CHeckpoint-GW-1 communicates only with siteA-DC-2  and Checkpoint GW-2 communicates only with siteB-DC-1. I would like to add siteB-DC-1 to Checkpoint-GW-1 LDAP Account Unit.  But I see message "at least one dc is disconnected" .There is a VPN between 2 sites and all traffic between internal subnets is allowed. I suppose both GW are trying to reach remote DC with external Ip address 10.0.1.1 and 10.0.2.1 that is NATed and can't reach DC on the other site or maybe it is something different ? Is there any way to make it work ? 

 

 

Preview file
10 KB
Preview file
207 KB
0 Kudos
1 Reply
Thomas_Eichelbu
Advisor
Advisor
‎2022-02-17 03:17 AM

Hello, 

 

well if u configure IA and other builtin Check Point blades they mostly work via implied rules.
In that case it could be that the communucation to the remote AD server is NOT encrypted but sent in clear.
Did you check that? 
Is that communication running in clear text or encrypted ...

what you can do is to remove LDAP from the implied rules, or better said remove it from running in clear text.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

this might help ...
i have seen this pretty often when creating LDAP or Radius over VPN´s ... it always runs in clear but in should be encrypted!


0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events