Sanjay_S
Advisor

Identity Awareness stopped working after upgrade

Hi All,

We upgraded the VSX cluster from R77.30 to R80.30; since then, Identity Awareness has stopped working. I am not able to create a new access role, where the AD is resetting the 636 packet. But the AD is reachable from the firewall. Does this have anything to do with the TLS version, or does any SSL setting need to be checked after upgrading? Please suggest.

0 Kudos
2 Replies
Royi_Priov
Employee

Hi @Sanjay_S ,

It sounds like the communication to the AD server indeed is not working. When creating an access role, the communication is between mgmt server and the AD, while Identity Awareness enforcement requires the GW to communicate with the AD server.

You have mentioned port 636, which points to the fact you are probably using LDAP over SSL.

Have you tried to refetch the fingerprint inside the LDAP account unit object? Please do so, and install policy afterwards.

If the issue still exists, I suggest contacting Check Point support.

 

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
Borut
Contributor

Hi

We sometimes forgot to turn on NTLMv2 support after upgrading and IA was not working. Not sure if the symptoms match.

https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_IdentityAwareness_AdminGuide...

 

0 Kudos