- Products
- Learn
- Local User Groups
- Partners
-
More
Join Us for CPX 360
23-24 February 2021
Check Point Harmony
Highest Level of Security for Remote Users
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
Advanced Protection for
Small and Medium Business
Secure Endpoints from
the Sunburst Attack
Important! R80 and R80.10
End Of Support around the corner (May 2021)
Hi All,
We upgraded the VSX cluster from R77.30 to R80.30, since then Identity awareness stopped working. I am not able to create a new access role where the AD is reseting the 636 packet. But AD is reachable from firewall. Is this anything to do with TLS version or any SSL setting needs to be checked after upgrading? Please suggest.
Royi_Priov
Hi @Sanjay_S ,
It sounds like the communication to the AD server indeed is not working. When creating an access role, the communication is between mgmt server and the AD, while Identity Awareness enforcement requires the GW to communicate with the AD server.
You have mentioned port 636, which points to the fact you are probably using LDAP over SSL.
Have you tried to refetch the fingerprint inside the LDAP account unit object? please do so, and install policy afterwards.
If the issue still exists, I suggest contacting Check Point support.
Hi
We sometimes forgot to turn on NTLMv2 support after upgrading and IA was not working. Not sure if the symptoms match.
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY