checkpoint and active directory r65

Posted on 2007-10-18
Medium Priority
Last Modified: 2013-11-16
I'm doing a fres install of Checkpoint NGX r65

Can you give give me some tips on how to setup a link to active directory. I had R55 before and used ldap auth but i have purchased smart directory and would like to integrate it with active directory.

I'm not a expert at checkpoint so plz bare with me.

Question by:smjaleel
LVL 12

Accepted Solution

srikrishnak earned 672 total points
ID: 20146937

Assisted Solution

sabioit earned 664 total points
ID: 20239121
I am no sure about what do you mean with ( purchased smart directory)

but is easy to setup you need an extra license in order to incorporate checkpoint to active directory

I will recommend you call checkpoint they will explain you about the required license
They also can show step by step how to set it up if you buy the license

If you need someone to help you  Let us know we can provide you with that services and more
LVL 14

Assisted Solution

grimkin earned 664 total points
ID: 20239984
Hi there, once you have ytour active directory set up and working, you need to go into checkpoint and enable "Smart Directory(LDAP)" in Global Properties. You then need to set up a host node for the AD server and then configure an "LDAP Account Unit" under the "Servers and OPSEC applications" tab.

In the properties of your new LDAP Account Unit, change the profile to Microsoft_AD in the drop-down, then go to the servers tab. Clieck "Add" and select your previously configured host-node from the drop-down then put in your AD admin details or whatever account you wish to use for the ldap lookups (in the form: ou=mydomain,dn=administrator) and password.

Next go to to the "Object Management" tab, selcect your server from the drop-down and either click "Fetch branches" if enabled or click "Add" to add an LDAP branch. If all the info is correct you should now be able to integrate with AD. The SmartCenter NGX Userguide which you can download from CP covers this topic from page 161 onwards so it's worth a look at. Let me know any problems yu run into and we can try and iron them out,



Author Comment

ID: 20328033
Ok well i've gootten that far.

I have the active directory setup now and the firewall is working but i cant seem to make any rules for clientauth. They just refuse to work

I'm using manual authentication to i telnet to port 259 on the firewall and login its says accepted for 1 rule and i get no internet

but if i do a rule called alloy any source any destination allow it works great...

any suggestions or tips on rule making


Expert Comment

ID: 20698947
Forced accept.

EE Admin

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question