test_ad_connectivity
Description
This utility runs connectivity tests from the Security Gateway (a dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources) to an AD domain controller.
You can define the parameters for this utility in one of these ways:
- In the command line as specified below
- In the $FWDIR/conf/test_ad_connectivity.conf configuration file.

Parameters you define in the $FWDIR/conf/test_ad_connectivity.conf file cannot contain white spaces and cannot be within quotation marks.
|
Important:
|
Syntax
|
|
Parameters
| Parameter | Mandatory / Optional | Description |
|---|---|---|
| | Optional | Shows the built-in help. |
| | Mandatory. Use only one of these options: | Prompts the user for the password on the screen. |
| | Optional | Specifies the LDAP Search Base String. |
| | Mandatory. Use only one of these options: | Specifies the user's password in clear text. |
| | Mandatory | Specifies the domain name of the AD (for example, |
| | Mandatory | Overrides the LDAP user DN (the utility does not try to figure out the DN automatically). |
| | Optional | Specifies the AD fingerprint for LDAPS. |
| | Mandatory | Specifies the IPv4 address of the AD domain controller to test. |
| | Mandatory | Specifies the IPv6 address of the AD domain controller to test. |
| | Mandatory | Specifies the name of the output file. This utility always saves the output file in the |
| | Mandatory. Use only one of these options: | Specifies the user's password in obfuscated text. |
| | Optional | Runs LDAP connectivity test only (no WMI test). |
| | Optional | Specifies the timeout (in milliseconds) for the LDAP test only. If this timeout expires, and the LDAP test still runs, then both LDAP connectivity and WMI connectivity tests fail. |
| | Optional | Runs the utility in demo mode. |
| | Optional | Specifies the LDAP or LDAPS connection port number. The default ports are: |
| | Optional | Specifies that LDAP connection must be over SSL. |
| | Optional | Specifies the total timeout (in milliseconds) for both LDAP connectivity and WMI connectivity tests. |
| | Mandatory | Specifies the administrator user name on the AD. |
| | Optional | Prints the full path to the specified output file. |
| | Mandatory | Specifies the domain name of the AD (for example, Utility prompts the user for the password. |
| | Optional | Runs WMI connectivity test only (no LDAP test). |
Example
IPv4 of AD DC |
|
Domain |
|
Username |
|
Password |
|
Syntax |
|
Output:
[Expert@GW:0]# cat $FWDIR/tmp/test.txt
(
    :status (SUCCESS_LDAP_WMI)
    :err_msg ("WMI_SUCCESS;LDAP_SUCCESS")
    :ldap_status (LDAP_SUCCESS)
    :wmi_status (WMI_SUCCESS)
    :timestamp ("Mon Feb 26 10:17:41 2018")
)
[Expert@GW:0]#
Note - To confirm that the output is authentic, make sure that the timestamp is the same as the local time.
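The check from the note, applied to an output file from a full LDAP and WMI test, as an added example (not Check Point code). The function names, the 300-second tolerance, and the assumption that only the three success values shown in the example count as a pass are choices made here, not documented behaviour.

```python
import re
import time

# Constructed sample in the format of the Output shown in the example.
SAMPLE = """(
    :status (SUCCESS_LDAP_WMI)
    :err_msg ("WMI_SUCCESS;LDAP_SUCCESS")
    :ldap_status (LDAP_SUCCESS)
    :wmi_status (WMI_SUCCESS)
    :timestamp ("Mon Feb 26 10:17:41 2018")
)"""

# Matches ':name (value)' and ':name ("quoted value")'.
FIELD_RE = re.compile(r':(\w+)\s+\(\s*(?:"([^"]*)"|([^()\s]+))\s*\)')
TS_FORMAT = "%a %b %d %H:%M:%S %Y"
# Success values taken from the example output (full LDAP + WMI test).
EXPECTED = {"status": "SUCCESS_LDAP_WMI",
            "ldap_status": "LDAP_SUCCESS",
            "wmi_status": "WMI_SUCCESS"}


def parse_result(text):
    """Return {field: value} for every ':name (value)' pair in the file."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(text)}


def check_result(text, now=None, max_skew_s=300):
    """Return a list of problems; an empty list means the result is usable.

    max_skew_s is an assumed tolerance between the file's timestamp and
    the local clock; a stale or copied file fails this check.
    """
    fields = parse_result(text)
    problems = []
    for key, want in EXPECTED.items():
        if fields.get(key) != want:
            problems.append("%s is %r, expected %s" % (key, fields.get(key), want))
    try:
        # The timestamp is local time, so convert it with mktime().
        stamp = time.mktime(time.strptime(fields.get("timestamp", ""), TS_FORMAT))
    except ValueError:
        return problems + ["timestamp missing or unparseable"]
    now = time.time() if now is None else now
    skew = abs(now - stamp)
    if skew > max_skew_s:
        problems.append("timestamp is %d s away from local time" % skew)
    return problems
```

Run `check_result()` on the file contents immediately after the utility finishes, on a host whose clock and time zone match the gateway's.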