(AD Query or IC Server) and IA Agent Deployments

Question asked by aaronfb07f559-0dba-414d-89f7-f20d86b45872 on Aug 7, 2018
I was wondering if someone could advise on the below:


We have both Prod and Non Prod Check Point Domains, which use AD Query:


  • AD Query sources are the same for Prod and Non Prod
  • Prod shares identities with all other gateways but not with Non Prod, as it is a different domain.




  • We have had logon issues where DC1 of 4 required restarting and the users authenticated by it were not allowed via IA; potentially an issue with security logs being truncated and a WMI issue (required restarting). We have not been able to repeat it.
  • Our TS multi user agent can only connect to Prod, as the preference is for the Prod IA Gateway, until we change the preference to the Non Prod IA gateway. This is by design and could only be fixed by sharing identities between Prod/Non Prod (not possible as multidomain?), or we need TS servers for Prod and Non Prod and not combined for management.


I would like to deploy the IA Agent, but users will have the above TS issue when connecting to Prod/Non Prod, forcing them to select the required IA Gateway for each domain. The IA Agent is preferred to allow transparent subnet roaming without creating a security event.


I was wondering if anyone was deploying both (AD Query and IA Agents) or (IA Collector Server and IA Agents), as this would provide redundancy and fix our issue with different domains.


Appreciate your help