This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Joe_Kanaszka
Advisor
‎2024-01-04 02:29 PM
Jump to solution

ipassignment.conf and LDAP grop

Hello again.

 

Continuation of a previous post but the old post is marked as resolved (because it was) to allow contributor to receive credit.  😊

In a nutshell - we need to limit access to a network host to a small group of 5 individuals.  The solution has to work with NAT (Identity Awareness is out as it doesn't work with NAT).  This solution will be used for WFH users - the current OM IP pool is Nat'd to the internal interface of the Check Point.  

My solution:

I'd like to configure the ipassignment.conf file to assign a range of IPs to my already existing AD group - then limit access to the resource based on the static IPs. (This will be used for WFH users).

 

What I've done:

  • Created a draft of my ipassignment.conf file

 

Here is how my ipassignment.conf file will look referencing SK:  sk33422 

#Gateway             Type             IP Address                User Name

==================================================

IP of gateway        range          10.0.0.0-10.0.0.5       Test Group  (AD group)

 

  • Created an LDAP Account Unit that points directly to my AD group - so the UID is my group. 
  • Trying to create an LDAP Group Object that the ipassignment.conf file can reference.  The Group's scope is the first option - "All Account-Unit's Users"

 

Questions:

  1. Unfortunately, my AD security group contains a space in the name.  When I try and create the LDAP group, I'm receiving the error "Object name contains space..."  How can I get around this?  
  2. Will this plan work?  🙄

 

Thank you, and as always - any help is always much appreciated!

 

Best Regards,

 

Joe

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2024-01-04 02:42 PM
Jump to solution

Even if you could get past the UI validation in SmartConsole, I suspect that space will be problematic in ipassignment.conf as well.
Change the name to something without a space.
Otherwise, this should work.

View solution in original post

2 Replies
PhoneBoy
Admin
Admin
‎2024-01-04 02:42 PM
Jump to solution

Even if you could get past the UI validation in SmartConsole, I suspect that space will be problematic in ipassignment.conf as well.
Change the name to something without a space.
Otherwise, this should work.

Joe_Kanaszka
Advisor
‎2024-01-04 03:09 PM
In response to PhoneBoy
Jump to solution

Ok cool. Thank you!  

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events