This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Prashant_YADAV1
Contributor
‎2022-09-25 10:37 PM

Identity collector and user directory relation

Hello Experts,

 

I need clarification on identity collector and user directory relations while identity a user and mapping that user to the Right access role.

Basically, we have configured to get identity with multiple ad servers with the help of an identity collector ,,,

sometimes we have issues with the user who is configured with some user access role like identity-Facebook-user (this group is using the LDAP user inside it)

 

what I like to understand is the usage of the user directory option in each gateway.

by default all user directories are selected ..should I select the user directory which is related to each gateway and set the priority on each gateway object to make it work every time 

attaching a screenshot of user directory setting 

Preview file
40 KB
0 Kudos
5 Replies
_Val_
Admin
Admin
‎2022-09-25 11:49 PM

The use case is not clear. Please elaborate with more details and desired results.

0 Kudos
Prashant_YADAV1
Contributor
‎2022-09-26 05:15 AM
In response to _Val_

Hello Val,

Thanks for quick reply .

Use case is simple.

to create is user access role based on ldap group membership and then applied the user access role to FIrewall(application+url blade) to filter some traffic like facebook or allow something like Dropbox.

Access work some time and sometime end user just loose there access role while checking pdp m user info in gateway.

user shows as identified user but the access role which i has applied in past lost for some reason.

Thanks 

0 Kudos
_Val_
Admin
Admin
‎2022-09-26 05:23 AM
In response to Prashant_YADAV1

How do you build your rulebase? How do you configure your Identity collector? What is the version in use?

0 Kudos
Sorin_Gogean
Advisor
‎2022-09-27 05:05 AM
In response to Prashant_YADAV1

Do some reading in regards to AD Global Catalog (sk134292)  as you might want to use that too....

 

It can happen, that in some cases, user is identified correctly, but mapping to AD Group is not happening. This could be, because at a search of AD Groups for that particular user is not returning the proper group, either because it's not finding it or because the AD Group is chained and it can go to a certain depth.

 

Can you provide screenshots with an user identified and mapped properly and one that is not .

 

ty,

PS: we have similar behavior with identities received from ISE and with Global Catalog we should fix that. (still in PoC/tests)

 

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2022-09-26 12:26 AM

I would suggest to contact TAC ! Moved to Gateways as this hardly is a General Topic!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events