checkpoint and active directory r65

I'm doing a fresh install of Checkpoint NGX R65.

Can you give me some tips on how to set up a link to Active Directory? I had R55 before and used LDAP auth, but I have purchased Smart Directory and would like to integrate it with Active Directory.

I'm not an expert at Checkpoint, so please bear with me.

I am not sure what you mean by "purchased Smart Directory".

But it is easy to set up; you need an extra license in order to integrate Checkpoint with Active Directory.

I recommend you call Checkpoint; they will explain the required license to you.
They can also show you step by step how to set it up if you buy the license.

If you need someone to help you, let us know; we can provide you with that service and more.
Hi there, once you have your Active Directory set up and working, you need to go into Checkpoint and enable "Smart Directory (LDAP)" in Global Properties. You then need to set up a host node for the AD server and then configure an "LDAP Account Unit" under the "Servers and OPSEC applications" tab.

In the properties of your new LDAP Account Unit, change the profile to Microsoft_AD in the drop-down, then go to the Servers tab. Click "Add" and select your previously configured host node from the drop-down, then put in your AD admin details or whatever account you wish to use for the LDAP lookups (in the form: ou=mydomain,dn=administrator) and password.

Next go to the "Object Management" tab, select your server from the drop-down and either click "Fetch branches" if enabled or click "Add" to add an LDAP branch. If all the info is correct you should now be able to integrate with AD. The SmartCenter NGX User Guide, which you can download from CP, covers this topic from page 161 onwards, so it's worth a look. Let me know any problems you run into and we can try and iron them out.
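The two values most often mistyped in this procedure are the bind account's distinguished name (entered on the Servers tab) and the LDAP branch (the base DN entered under Object Management). Below is an added, offline pre-flight check for those strings; it is example code written for this page, not Check Point's code and not part of the thread. It parses a DN in RFC 4514 syntax (simplified: backslash escapes are handled, quoted values are not), flags attribute types that are not standard LDAP naming attributes, and derives the Active Directory default naming context from a DNS domain name. The sample DNs and the domain `mydomain.local` are constructed; the set of known attribute types is an assumption chosen to match what AD DNs normally contain.

```python
"""Offline sanity checks for the DNs typed into an LDAP Account Unit.

Added example (not Check Point code). No directory server is contacted;
the functions only parse and inspect strings.
"""
from __future__ import annotations

import re

# Attribute types that normally appear in Active Directory DNs (assumption).
KNOWN_RDN_TYPES = {"cn", "ou", "dc", "o", "c", "l", "st", "street", "uid"}

_ESCAPE_RE = re.compile(r"\\(.)")


def split_dn(dn: str) -> list[tuple[str, str]]:
    """Split 'cn=administrator,cn=Users,dc=example,dc=com' into (type, value) pairs.

    A comma preceded by a backslash is part of the value, not a separator.
    Raises ValueError on an RDN with no '=' or with an empty type/value.
    """
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # keep the escape pair for now
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))

    rdns = []
    for part in parts:
        if "=" not in part:
            raise ValueError(f"RDN without '=': {part!r}")
        attr, value = part.split("=", 1)
        attr = attr.strip().lower()
        value = _ESCAPE_RE.sub(r"\1", value.strip())  # unescape '\,' and '\\'
        if not attr or not value:
            raise ValueError(f"empty attribute type or value in {part!r}")
        rdns.append((attr, value))
    return rdns


def dn_problems(dn: str) -> list[str]:
    """Return a list of human-readable problems; an empty list means the DN looks sane."""
    try:
        rdns = split_dn(dn)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    for attr, _ in rdns:
        if attr not in KNOWN_RDN_TYPES:
            problems.append(f"unknown attribute type {attr!r} (typo for cn/ou/dc?)")
    if not any(attr == "dc" for attr, _ in rdns):
        problems.append("no dc= components: an AD DN normally ends in dc=<domain>,dc=<tld>")
    return problems


def base_dn_from_domain(domain: str) -> str:
    """'corp.example.com' -> 'dc=corp,dc=example,dc=com' (AD default naming context)."""
    labels = [label for label in domain.strip().lower().split(".") if label]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join(f"dc={label}" for label in labels)


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("cn=administrator,cn=Users,dc=mydomain,dc=local",
                      "ou=mydomain,dn=administrator"):
        print(candidate, "->", dn_problems(candidate) or "ok")
    print("LDAP branch for mydomain.local:", base_dn_from_domain("mydomain.local"))
```

Run it once against the bind DN and branch you intend to enter; a non-empty problem list is a cheap hint that the account unit's bind will fail before you spend time reading fetch errors in SmartDashboard. The `dc=` check is a heuristic for AD and would not apply to a non-AD directory.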


smjaleel (Author) commented:
Ok, well I've gotten that far.

I have the Active Directory set up now and the firewall is working, but I can't seem to make any rules for clientauth. They just refuse to work.

I'm using manual authentication, so I telnet to port 259 on the firewall and log in; it says accepted for 1 rule and I get no internet.

But if I do a rule called "allow any source any destination allow", it works great...

Any suggestions or tips on rule making?
