CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: SmartDirectory authentication over VPN-tunnel.

  1. #1
    Join Date
    2010-09-24
    Posts
    2
    Rep Power
    0

    SmartDirectory authentication over VPN-tunnel.

    Hello!
    I have a problem with SmartDirectory authentication through a site-to-site VPN tunnel.
    On the main SG, which is connected directly to the LAN with the Domain Controller, it is OK.
    But the remote SG can't authenticate users by SmartDirectory: it sends LDAP queries in the clear over the Internet to the Domain Controller. I have no idea why.
    All other traffic originating from this gateway is encrypted.
    Is it possible to use an authentication server from the remote site?

  2. #2
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,252
    Rep Power
    15

    Re: SmartDirectory authentication over VPN-tunnel.

    Check out sk26059 for a solution to this; it involves editing the $FWDIR/lib/implied_rules.def file.

  3. #3
    Join Date
    2010-09-24
    Posts
    2
    Rep Power
    0

    Re: SmartDirectory authentication over VPN-tunnel.

    Originally posted by ShadowPeak.com:
        Check out sk26059 for a solution to this, it involves editing the $FWDIR/lib/implied_rules.def file.

    Thank you very much!

  4. #4
    Join Date
    2011-01-21
    Posts
    20
    Rep Power
    0

    Re: SmartDirectory authentication over VPN-tunnel.

    I've seen an issue with this in R71 when trying to manage R65 gateways.

    The article 'fix' was in place on the old management station (R65), which was working fine, but after the upgrade and re-implementing the changes (double and triple checked), the firewalls continue to send the LDAP queries via the implied rules.

    I'll update this if/when we can work out what's going on!

    And yes, the compatibility .def file has been updated also.
