This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have one, create one now for free!
charlie
Participant
‎2022-01-27 07:43 AM

VPN client auth with Ldap AU

Hello,

I 've configured the Checkpoint VPN client and it's works for the users defined as checkpoint local userid.

Now I need to move the Auth to the Customer AD. I have a Ldap Account Unit that point the customer AD so how I can set the Checkpoint to send the auth process to the Ldap AU?




0 Kudos
1 Reply
Joseph_Audet
Ambassador
Ambassador
‎2022-01-27 09:10 AM

Provided that everything is working with your remote access IPSEC VPN config / LDAP account unit, the next step to 'enable LDAP authentication' would be to create an access role, bind it to an AD user or group, and add that access role to your access policy. This is assuming the default authentication mechanism of username + password.

By doing this, you will enable the gateway to successfully match a user search against a rule that allows them to connect. I attached an example from my lab where I added a group from AD to an access role.

See admin guide info on:

Access roles:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topi...

Retrieving Information from a User Directory Server:
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topi...

Preview file
65 KB
0 Kudos