In SmartConsole, there are no Identity Awareness logs for a specific user, although there are explicit Access Control rules for that user.

Outputs of these commands on the Security Gateway are empty:

    adlog a query user <USERNAME>
    pdp m u <USERNAME>

This means the Security Gateway did not receive events for that user and the Security Gateway did not authenticate that user.

The $FWDIR/log/pdpd.elg log file on the Security Gateway contains these lines:

    [ADLOG_EVENT_PROCESS (TD::Surprise)] ADLOG::EventRejectRegExpFilter::acceptField: Field (username) rejected on filter pattern (^ SPECIFIC_USERNAME $) on value ( SPECIFIC_USERNAME )
    [ADLOG_EVENT_PROCESS (TD::Surprise)] ADLOG::EventRejectRegExpFilter::acceptEvent: Event rejected due to field (username) on value ( SPECIFIC_USERNAME )
    [ADLOG_EVENT_PROCESS (TD::Events)] ADLOG::EventHandler::processEvent: Event rejected by filter.
    [ADLOG_EVENT_PROCESS (TD::Events)] ADLOG::EventManager::processEvent: Event skipped, or processing failed.
If the same account is used both in the "LDAP Account Unit" object in SmartConsole and as the Domain Controller Administrator account for logging in to different machines, AD Query excludes that account and rejects events related to it. As a result, the Security Gateway does not receive events for that account, cannot authenticate this account, and cannot enforce the Access Control rules for it.
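To confirm which accounts are affected, the rejected usernames can be counted directly from the log. The script below is an added example, not Check Point code: it relies only on the pdpd.elg line format quoted above, and the function names and the usernames in the sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example: list usernames whose AD Query events were dropped by the
# username reject filter, using the pdpd.elg line format quoted on this page.

# rejected_users FILE
# Prints "<count> <username>" per username found in
# "EventRejectRegExpFilter::acceptEvent ... field (username) on value ( X )".
rejected_users() {
    awk '
        /EventRejectRegExpFilter::acceptEvent: Event rejected due to field \(username\) on value \(/ {
            line = $0
            sub(/.*on value \([ \t]*/, "", line)   # strip everything before the value
            sub(/[ \t]*\)[ \t]*$/, "", line)       # strip the closing parenthesis
            count[line]++
        }
        END { for (u in count) printf "%d %s\n", count[u], u }
    ' "$1" | sort -k1,1nr -k2,2
}

# write_sample_log FILE
# Constructed sample input (usernames are hypothetical), for offline testing.
write_sample_log() {
    cat > "$1" <<'EOF'
[ADLOG_EVENT_PROCESS (TD::Surprise)] ADLOG::EventRejectRegExpFilter::acceptField: Field (username) rejected on filter pattern (^ svc_adquery $) on value ( svc_adquery )
[ADLOG_EVENT_PROCESS (TD::Surprise)] ADLOG::EventRejectRegExpFilter::acceptEvent: Event rejected due to field (username) on value ( svc_adquery )
[ADLOG_EVENT_PROCESS (TD::Events)] ADLOG::EventHandler::processEvent: Event rejected by filter.
[ADLOG_EVENT_PROCESS (TD::Events)] ADLOG::EventManager::processEvent: Event skipped, or processing failed.
[ADLOG_EVENT_PROCESS (TD::Surprise)] ADLOG::EventRejectRegExpFilter::acceptEvent: Event rejected due to field (username) on value ( svc_adquery )
[ADLOG_EVENT_PROCESS (TD::Surprise)] ADLOG::EventRejectRegExpFilter::acceptEvent: Event rejected due to field (username) on value ( jdoe )
EOF
}

# Usage on the Security Gateway: sh this_script.sh "$FWDIR/log/pdpd.elg"
if [ "$#" -gt 0 ]; then
    rejected_users "$1"
fi
```

A username that appears in this output but returns nothing from the two commands above matches the symptom described on this page.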
Gaia