
Issues with Identity Sharing (r80.30 jumbo228)

Hi community!

We have this customer, and we are experiencing some issues with identity sharing.

They have 2 locations with Check Point gateways.

GT1 and Cluster-1.

GT1 and Cluster-1 are connected via MPLS.

We noticed that when a user connects on GT1 using Endpoint Client and authenticates with an AD user, the identity is not shared to Cluster-1, and so this person cannot access the resource that is behind Cluster-1.

BUT, when they use a local user that was created on GT1 and connect to the VPN, the identity is shared to Cluster-1 and they can access the resource.

Both Cluster-1 and GT1 are managed by the same management server, and both are on R80.30 J228.

I'm attaching a screenshot where you can see that the local user is shared to the PEP, but the AD user is not.

0 Kudos
3 Replies
PhoneBoy
Admin

Have you configured Identity Sharing between the gateways?
This is not enabled by default.

0 Kudos

Hi PhoneBoy, yes, it is enabled on both the Cluster and individual gateway.

So much so that the local identities from GT1 are shared to Cluster-1, but only the local users, as you can see from the print; that's the weird part... I already have a case open with TAC and I'm waiting for them to reply.

0 Kudos
PhoneBoy
Admin

If some identities are being shared but not others, that definitely doesn't sound right.
@Royi_Priov 

0 Kudos