Abeja_huhuhu
Contributor
Identity Awareness (LDAP and AD Query) failed to connect to AD server behind VPN peer gateway

Hi Guys,

It has been a long time since my last post here. I have a quick question. Currently we have one issue which is a bit confusing for us. We have a Check Point firewall configured with Identity Awareness, which at the same time has 2 VPN tunnels currently active. The Identity Awareness should be connecting to 3 AD servers to provide redundancy should one/two of the servers not be available for service. 2 of the AD servers are currently connected behind each VPN peer. So we are expecting that each time the management server and gateway want to fetch user information from the 2 AD servers, they should be connecting through the VPN tunnel. However, based on the logs we can see it does not go through the VPN tunnel. Below are the steps that we have tried.

(How we test)

Creating a test LDAP profile for AD; after configuring it, we tried to fetch users from the remote AD and we found the management server successfully connected to the remote AD servers. The logs show that the testing traffic is able to connect and uses the VPN tunnel to communicate with the remote AD. However, after pushing/installing the policy to the firewall, we found out that the management and gateway are not able to connect to the remote AD. Traffic logs show that the connection does not flow through the VPN tunnel as in the previous test. We can confirm that client PCs are able to connect to the remote AD through the VPN tunnel.

(Troubleshooting Steps)

1. Based on the logs we can see that the traffic is being processed by an implied rule. Due to this, we have checked the Global Properties and changed the rules for Identity Awareness to be processed "Before Last" so it will be able to hit the VPN rules and installed policy as usual. However, it still does not solve the issue. The connection is still using the implied rule and does not use any VPN tunnel to connect to the remote AD.

2. We have also referred to sk105950 to troubleshoot further. We simulated the activity again. Based on the debug logs we couldn't find anything related to the KB.

Please help; there might be something that I have missed.

Looking for guidance.

😁

Accepted Solutions
D_TK
Advisor

Have a look at sk26059, it resolved a very similar situation for me a few years back.

2 Replies
Abeja_huhuhu
Contributor

Hi @D_TK ,

You have saved our day here. That is exactly what we are looking for. I have followed the SK and it solved our issue.

Thanks for your help.
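An added check, not from this thread or from Check Point, for spotting the symptom the original post describes: gateway-originated LDAP/AD traffic toward a domain controller behind a VPN peer that matched an implied rule or was accepted in the clear instead of traversing the tunnel. The `key=value;...` line format, field names, ports and addresses are all constructed assumptions; map them onto the fields of your actual log export.

```python
"""Flag gateway-to-remote-AD connections that bypassed the VPN tunnel.

Constructed log format: 'key=value' pairs separated by ';'. Real Check Point
log exports use different field names, so adapt parse_line() accordingly.
"""
from typing import Dict, Iterable, List, Tuple

# Ports a domain controller is typically contacted on for LDAP/AD Query (assumption)
AD_PORTS = {"389", "636", "3268", "3269", "88", "135"}


def parse_line(line: str) -> Dict[str, str]:
    """Parse 'k=v;k=v' into a dict, ignoring fragments without '='."""
    fields: Dict[str, str] = {}
    for part in line.strip().split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


def bypassed_vpn(rec: Dict[str, str], gateways: set, remote_ad: set) -> str:
    """Return why this record is a VPN bypass, or '' if it is not one.

    Only gateway/management -> remote AD flows on AD ports are considered."""
    if rec.get("src") not in gateways or rec.get("dst") not in remote_ad:
        return ""
    if rec.get("service") not in AD_PORTS:
        return ""
    if rec.get("rule_name", "").lower().startswith("implied"):
        return "matched implied rule, VPN community rules never evaluated"
    if not rec.get("encryption"):  # no encryption field: accepted in the clear
        return "accepted in clear, not encrypted by VPN"
    return ""


def audit(lines: Iterable[str], gateways: Iterable[str],
          remote_ad: Iterable[str]) -> List[Tuple[str, str, str, str]]:
    """Return (src, dst, service, reason) for every flagged record."""
    gws, ads = set(gateways), set(remote_ad)
    return [(r["src"], r["dst"], r["service"], why)
            for r in map(parse_line, lines)
            if (why := bypassed_vpn(r, gws, ads))]


# Constructed sample: a clean VPN hit, an implied-rule bypass, a client PC
# (not in scope), and a gateway flow accepted without VPN encryption.
SAMPLE = [
    "time=10:01;src=192.168.1.1;dst=10.20.0.5;service=389;rule_name=VPN_BranchA;encryption=IKE;action=accept",
    "time=10:02;src=192.168.1.1;dst=10.30.0.5;service=389;rule_name=Implied Rule;action=accept",
    "time=10:03;src=192.168.1.50;dst=10.30.0.5;service=389;rule_name=VPN_BranchB;encryption=IKE;action=accept",
    "time=10:04;src=192.168.1.1;dst=10.30.0.5;service=636;rule_name=Allow_Mgmt;action=accept",
]
GATEWAYS = {"192.168.1.1"}
REMOTE_AD = {"10.20.0.5", "10.30.0.5"}
```

Run `audit(SAMPLE, GATEWAYS, REMOTE_AD)` to list the flows to investigate; client PC traffic that reaches the remote AD over the tunnel is deliberately left alone, mirroring the distinction the post draws.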
