Retrieving Information from a User Directory Server

When a Security Gateway requires user information for authentication, it goes through this process:

  1. The Security Gateway searches for the user in the internal users database.

  2. If the specified user is not defined in the internal users database, the Security Gateway queries the LDAP server defined in the Account Unit with the highest priority.

  3. If the query against an LDAP server with the highest priority fails (for example, the connection is lost), the Security Gateway queries the server with the next highest priority.

    If there is more than one Account Unit, the Account Units are queried concurrently. The results of the query are taken from the first Account Unit to meet the conditions, or from all the Account Units which meet the conditions.

  4. If the query against all LDAP servers fails, the Security Gateway matches the user against the generic external user profile.
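The lookup order in steps 1 to 4, simulated as an added example (this is not Check Point code): the internal database, Account Units, LDAP servers, priorities, user records and the `reachable` flag that models a lost connection are all constructed in memory.

```python
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field

class LdapUnavailable(Exception): pass   # connection to an LDAP server was lost

@dataclass
class LdapServer:
    name: str
    priority: int          # lower number = higher priority (constructed convention)
    users: dict = field(default_factory=dict)
    reachable: bool = True

    def search(self, username):
        if not self.reachable:
            raise LdapUnavailable(self.name)
        return self.users.get(username)   # None: user not defined on this server

@dataclass
class AccountUnit:
    name: str
    servers: list
    def query(self, username):
        """Steps 2-3: highest-priority server first, fail over when a connection is lost."""
        for server in sorted(self.servers, key=lambda s: s.priority):
            try:
                return server.search(username)
            except LdapUnavailable:
                continue                  # try the server with the next highest priority
        raise LdapUnavailable(self.name)  # every server in this Account Unit failed

GENERIC_PROFILE = {"source": "generic external user profile"}

def _safe_query(unit, username):
    try:
        return unit.query(username)
    except LdapUnavailable:
        return None

def resolve_user(username, internal_db, account_units, all_matches=False):
    # Step 1: the internal users database is checked first.
    if username in internal_db:
        return internal_db[username]
    # Steps 2-3: with several Account Units, they are queried concurrently.
    with ThreadPoolExecutor() as pool:
        results = list(pool.map(lambda u: _safe_query(u, username), account_units))
    matches = [r for r in results if r is not None]
    # Step 4: no LDAP server returned the user -> generic external user profile.
    if not matches:
        return GENERIC_PROFILE
    # Either the first Account Unit that meets the conditions, or all of them.
    return matches if all_matches else matches[0]
```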

Running User Directory Queries

Use queries to get User Directory user or group data. For best performance, query Account Units when there are open connections. Some connections are kept open by the Security Gateways, to make sure the user belongs to a group that is permitted to do a specified operation.

Querying Multiple LDAP Servers

The Security Management Server and the Security Gateways can work with multiple LDAP servers concurrently. For example, if a Security Gateway needs to find user information, and it does not know where the specified user is defined, it queries all the LDAP servers in the system. (Sometimes a Security Gateway can find the location of a user by looking at the user DN, when working with certificates.)