This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
gurowar
Contributor
‎2024-01-15 02:53 PM

Pulling Active Directory Groups in to the firewall to create policies

Good day;

Hope all is well, I have a quick question is there a way from the firewall that I can pull a specific group defined in Active Directory and import that group to the firewall so I can create a policy from the AD group?  What I am trying to accomplish is that every time the AD group is updated that the same group on the firewall will poll any changes from the AD and update its user group or is that wishful thinking and all this has to be done manually.  So if someone new joins the company and AD gets updated I will have to go to the firewall and update that new person for access as well?  I hope that make sense.

Thank you in advance!!!

Warren

Labels
0 Kudos
8 Replies
the_rock
Legend
Legend
‎2024-01-15 02:58 PM

You dont have to do that, its all automatic. TAC told me once that sometimes it may take up to 15 mins, but I fins its way faster than that. Also, if you wish to use certain AD group, that can be done by creating access role, which you need identity awareness blade enabled on the fw.

Best,

Andy

0 Kudos
gurowar
Contributor
‎2024-01-16 06:44 AM
In response to the_rock

Really?!?! Perhaps I am not looking correctly but is there instructions on how to do that? I didn't find any so that is why I asked here.

0 Kudos
the_rock
Legend
Legend
‎2024-01-16 06:47 AM
In response to gurowar

No clue what instructions those are, if you can send, happy to check. Personally, I never ever had to do anything for it.

Best,

Andy

0 Kudos
gurowar
Contributor
‎2024-01-16 06:51 AM
In response to the_rock

Thats the thing, not sure how to start, I was just going to do it manually and add/remove folks as needed but then someone asked isn't there a way you can base it off an AD group and have the firewall pull it from there. I was hoping someone already done so and can point me in the right direction or point me to the documentation. If not, I will just do it manually

0 Kudos
the_rock
Legend
Legend
‎2024-01-16 06:54 AM
In response to gurowar

Here is what I would personally suggest...if you have to do this manually, something else is wrong. I would call TAC and do remote session, so they can examine the config. Is this onprem mgmt or S1C? Can you make sure branches can be fetched from ldap account unit? Also, say if you use IA blade, then when creating new access role, users should be able to be pulled from the AD 100% (thats mind you if all was syched right)

Andy

0 Kudos
gurowar
Contributor
‎2024-01-16 07:40 AM
In response to the_rock

ok thank you sir for the info, will talk to TAC

Thank you Andy for your help!!!

 

Thank you,

Warren

0 Kudos
Wolfgang
Authority
Authority
‎2024-01-16 12:21 PM

@gurowar if I understand your requirement correct you simple need to implement Identity Awareness to build a rulebase based on identities. Have look at Enforcing Security Based on Identities to understand how it works and how to build.

0 Kudos
gurowar
Contributor
‎2024-01-16 01:52 PM
In response to Wolfgang

Will check it out, thank you sir!!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events