checkpoint and active directory r65

Posted on 2007-10-18
Last Modified: 2013-11-16
I'm doing a fresh install of Checkpoint NGX R65.

Can you give me some tips on how to set up a link to Active Directory? I had R55 before and used LDAP auth, but I have purchased Smart Directory and would like to integrate it with Active Directory.

I'm not an expert at Checkpoint, so please bear with me.

Question by:smjaleel

    Assisted Solution

    I am not sure what you mean by (purchased smart directory),

    but it is easy to set up. You need an extra license in order to integrate Checkpoint with Active Directory.

    I would recommend you call Checkpoint; they will explain the required license to you.
    They can also show you step by step how to set it up if you buy the license.

    If you need someone to help you, let us know; we can provide you with that service and more.

    Assisted Solution

    Hi there, once you have your Active Directory set up and working, you need to go into Checkpoint and enable "Smart Directory(LDAP)" in Global Properties. You then need to set up a host node for the AD server and then configure an "LDAP Account Unit" under the "Servers and OPSEC applications" tab.

    In the properties of your new LDAP Account Unit, change the profile to Microsoft_AD in the drop-down, then go to the servers tab. Click "Add" and select your previously configured host node from the drop-down, then put in your AD admin details or whatever account you wish to use for the LDAP lookups (in the form: ou=mydomain,dn=administrator) and password.

    Next, go to the "Object Management" tab, select your server from the drop-down and either click "Fetch branches" if enabled or click "Add" to add an LDAP branch. If all the info is correct you should now be able to integrate with AD. The SmartCenter NGX Userguide, which you can download from CP, covers this topic from page 161 onwards, so it's worth a look. Let me know any problems you run into and we can try and iron them out.



    Author Comment

    OK, well, I've gotten that far.

    I have the Active Directory set up now and the firewall is working, but I can't seem to make any rules for client auth. They just refuse to work.

    I'm using manual authentication, so I telnet to port 259 on the firewall and log in; it says accepted for 1 rule and I get no internet,

    but if I do a rule called allow any source any destination allow, it works great...

    Any suggestions or tips on rule making?


    Expert Comment

    Forced accept.

    EE Admin
