Hello,
So recently we have noticed sporadic behavior where our gateways seem to ignore a rule in Application Control for our IT department users. We have it set up to identify these users via Active Directory using a security group. What we are seeing is it does not pick up on this rule and instead hits on a rule further down the rulebase that specifies the source as a network object instead of the AD security group. This also seems to be happening with other rules as well, but much less frequently. Identity Awareness is working, as the user is identified in the logs, so I know it is at least communicating with AD.
This issue started happening after we upgraded our Management server to 80.10 but I don't think it is actually related to that.
We are currently on 77.30 with an 80.10 management server. The gateways are being replaced in about 2 weeks with newer hardware/80.10 builds. I am unsure what the best way to troubleshoot this issue is and would love to hear any suggestions on how I can proceed. If I cannot figure it out before we replace the gateways I will simply engage CP support at that time.
You might want to see what identities are acquired on the gateway.
I believe you can do this with the command adlog a dc.
You may also want to review: ATRG: Identity Awareness
Hey Devon,
Are those machines that are ignoring the rules accessible by multiple users?
In other words: does more than one person log in to the same machine using their AD credentials?
I'm having a similar issue, except with Identity Collector. AD Query is disabled. R80.20, Take 17. Single user in a particular group, but the group rule gets skipped. How / when does the GW get group info for a particular user? What troubleshooting commands can be run to see what the GW knows about a user and what groups they are in?
The gateway is supposed to query the configured LDAP server to get the groups, regardless of whether you are using ADQuery or Identity Collector.
The ATRG I linked above should contain the necessary troubleshooting steps.
Try running these on the gateway:
pdp monitor user (username)
pdp monitor ip (IP address)
pdp monitor groups (groupname) - shows all currently known members of (groupname)
These commands will show the user/IP mappings and all group memberships cached on the gateway sliced and diced different ways. My understanding is that once a gateway forms a mapping (whether doing it locally via pdpd or getting it from the IC), the gateway will immediately query the domain for the group memberships and place them in the IA cache which is visible with the above commands.
--
CheckMates Break Out Sessions Speaker
CPX 2019 Las Vegas & Vienna - Tuesday@13:30
Thank you! The output of 'pdp monitor user xxxxx' showed me that the group I used in my access role (Domain_Users) was not tied to the user object. That led me to sk106328: Domain Users can not be added to Access Role. It is confusing because you can add it to the access role, but it just isn't used. We are building a hierarchy of rules from more specific to less specific to build out policies accordingly.
For example:
- User Group 1 (inline layer)
- User Group 2 (inline layer)
- All Other Authenticated Users (inline layer)
- All Unauthenticated Users (inline layer)
I was hoping to use 'Domain Users' to identify 'All Other Authenticated Users'. I'll try creating an LDAP Group per the sk article and see if that will do what I intended.
Thanks again for your help!
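The poster found with 'pdp monitor user' that the Domain Users group was not tied to the user object even though the access role accepted it. One general Active Directory behaviour that produces exactly this symptom (stated here as background, independent of what sk106328 itself says) is that a user's primary group, by default Domain Users with RID 513, is recorded in the user's primaryGroupID attribute and not in memberOf, so any group lookup that only reads memberOf never sees it. The script below is an added illustration, not Check Point code and not the output of any Check Point command: it models two constructed user entries in a hypothetical domain example.local and compares a memberOf-only membership check with one that also resolves primaryGroupID. Group names, DNs and SIDs are invented sample values.

```python
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed sample directory for the hypothetical domain "example.local".
# Attribute names follow the AD schema; every value is invented for this example.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
DOMAIN_USERS_RID = 513  # well-known RID of the built-in "Domain Users" group
DOMAIN_USERS_DN = "CN=Domain Users,CN=Users,DC=example,DC=local"
IT_STAFF_DN = "CN=IT-Staff,OU=Groups,DC=example,DC=local"


@dataclass
class LdapGroup:
    dn: str
    object_sid: str  # objectSid; the final component is the group's RID


@dataclass
class LdapUser:
    dn: str
    member_of: list[str] = field(default_factory=list)  # memberOf: explicit memberships only
    primary_group_id: int = DOMAIN_USERS_RID  # primaryGroupID: RID of the primary group


GROUPS: dict[str, LdapGroup] = {
    DOMAIN_USERS_DN: LdapGroup(DOMAIN_USERS_DN, f"{DOMAIN_SID}-{DOMAIN_USERS_RID}"),
    IT_STAFF_DN: LdapGroup(IT_STAFF_DN, f"{DOMAIN_SID}-1105"),
}

USERS: dict[str, LdapUser] = {
    # alice is explicitly a member of IT-Staff; Domain Users is only her primary group
    "alice": LdapUser("CN=Alice,OU=Staff,DC=example,DC=local", member_of=[IT_STAFF_DN]),
    # bob has no explicit memberships at all; Domain Users is still his primary group
    "bob": LdapUser("CN=Bob,OU=Staff,DC=example,DC=local"),
}


def groups_via_member_of(user: LdapUser) -> set[str]:
    """What a lookup that only reads memberOf sees: explicit memberships, nothing else."""
    return set(user.member_of)


def primary_group_dn(user: LdapUser) -> str | None:
    """Resolve primaryGroupID to a group DN by matching the RID at the end of objectSid."""
    suffix = f"-{user.primary_group_id}"
    for group in GROUPS.values():
        if group.object_sid.endswith(suffix):
            return group.dn
    return None


def groups_including_primary(user: LdapUser) -> set[str]:
    """memberOf plus the primary group, which AD does not list in memberOf."""
    groups = groups_via_member_of(user)
    primary = primary_group_dn(user)
    if primary is not None:
        groups.add(primary)
    return groups


def matches_role_group(user: LdapUser, role_group_dn: str, include_primary: bool) -> bool:
    """Would an access role built on role_group_dn match this user under each lookup?"""
    groups = groups_including_primary(user) if include_primary else groups_via_member_of(user)
    return role_group_dn in groups


def explain(user: LdapUser, role_group_dn: str) -> dict[str, bool]:
    """Diagnostic summary: which attribute ties the role's group to the user, if any."""
    return {
        "via_memberOf": matches_role_group(user, role_group_dn, include_primary=False),
        "via_primaryGroupID": primary_group_dn(user) == role_group_dn,
    }


if __name__ == "__main__":
    for name, user in USERS.items():
        print(name, "vs Domain Users:", explain(user, DOMAIN_USERS_DN))
        print(name, "vs IT-Staff:   ", explain(user, IT_STAFF_DN))
```

Running it shows that both users match Domain Users only through primaryGroupID, while IT-Staff is visible through memberOf for alice. That is why a role built on a dedicated LDAP group (as the sk article suggests) behaves as expected while one built on Domain Users can silently fail to match: the membership exists in the directory, but not in the attribute a memberOf-style lookup reads.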