We have a cluster of 2 Check Point appliances running Gaia R77.30 and have enabled Identity Awareness in order to enforce user-based policy.
I've noticed that Check Point doesn't recognize/match groups such as Domain Admins, Domain Users, etc., i.e., when I create an App rule with a User/Access Role that contains the "Domain Admins" group, that rule doesn't match.
It seems to me that default AD groups don't work for Check Point. Also, the "Domain Users" group doesn't show up in the list of AD groups.
The aforementioned situation arises both in clientless identity acquisition and in cases with the Identity Agent installed.

Any help would be highly appreciated.