This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Marcos_Bezerra
Participant
‎2021-06-01 11:53 AM

Issues with Identity Sharing (r80.30 jumbo228)

Hi community!

we have this costumer, and we are experiencing some issues with identity sharing.

they have 2 locations with checkpoint gateways.

 

GT1 and Cluster-1.

GT1 and Cluster-1 are connected via MPLS

we noticed when a user connects on GT1 using Endpoint Client, and authenticates with an AD user, the identity is not shared to Cluster-1, and so this person cannot access the resource that is behind Cluster-1.

BUT, when they use a local user that was created on GT1, and connects to the VPN the identity is shared to Cluster-1 and they can access the resource.

both Cluster-1 and GT1 are managed by the same management server, and both are on R80.30 J228.

 

I´m attaching a screenshot, where you can see, the local user is shared to the PEP, but the AD user is not.

Preview file
447 KB
0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2021-06-02 08:51 AM

Have you configured Identity Sharing between the gateways?
This is not enabled by default.

0 Kudos
Marcos_Bezerra
Participant
‎2021-06-02 09:13 AM
In response to PhoneBoy

Hi PhoneBoy, yes, it is enabled on both the Cluster and individual gateway.

so much so that the Local identities from GT1 are shared to Cluster-1, but only the local users, as you can see from the print, thats the weird part... I already have a case open with TAC and i´m waiting for them to reply.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-06-02 12:58 PM
In response to Marcos_Bezerra

If some identities are being shared but not others, that definitely doesn't sound right.
@Royi_Priov 

0 Kudos
(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events