https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-identity-collector-and-Cisco-ISE-integration/m-p/99568#M10396 <P>&nbsp;Hi,</P><P>We are trying to integrate cisco ISE with identity collector. We can see 'certificate unknown' log in tcpdump captures. Below snapshot FYR.</P><P>where, 10.10.1.37 is identity collector server and 172.24.16.40 is cisco ISE.</P><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture.PNG" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/8500iD4D8B87B0FB21A2C/image-size/large?v=v2&amp;px=999" role="button" title="Capture.PNG" alt="Capture.PNG" /></span></P><P>Identity collector activity log</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MicrosoftTeams-image.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/8503iD21AA2EBCEF7DC2D/image-size/large?v=v2&amp;px=999" role="button" title="MicrosoftTeams-image.png" alt="MicrosoftTeams-image.png" /></span></P><P>In identity collector status show 'pending for administrator approval' but we don't see a request in ISE webui. We have followed the document below.</P><P><A title="Identity Collector and Cisco ISE Integration document" href="https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/general-topics/10644/1/Check%20Point%20and%20ISE%20Intergration%20White%20Paper.pdf" target="_self">https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/general-topics/10644/1/Check%20Point%20and%20ISE%20Intergration%20White%20Paper.pdf</A></P><P>We used below default self signed certificate from ISE</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Untitled.png" style="width: 603px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/8504iA8994CE4D23D31ED/image-size/large?v=v2&amp;px=999" role="button" title="Untitled.png" alt="Untitled.png" /></span></P><P>Can someone, who has done it successfully, let us know the exact steps that were followed and the certificate that need to be exported from ISE? We have followed the above document for 3 times but every time we are getting the same issue.</P> Tue, 20 Oct 2020 10:06:23 GMT Rohit_Raut 2020-10-20T10:06:23Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-identity-collector-and-Cisco-ISE-integration/m-p/99568#M10396 <P>&nbsp;Hi,</P><P>We are trying to integrate cisco ISE with identity collector. We can see 'certificate unknown' log in tcpdump captures. Below snapshot FYR.</P><P>where, 10.10.1.37 is identity collector server and 172.24.16.40 is cisco ISE.</P><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture.PNG" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/8500iD4D8B87B0FB21A2C/image-size/large?v=v2&amp;px=999" role="button" title="Capture.PNG" alt="Capture.PNG" /></span></P><P>Identity collector activity log</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MicrosoftTeams-image.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/8503iD21AA2EBCEF7DC2D/image-size/large?v=v2&amp;px=999" role="button" title="MicrosoftTeams-image.png" alt="MicrosoftTeams-image.png" /></span></P><P>In identity collector status show 'pending for administrator approval' but we don't see a request in ISE webui. We have followed the document below.</P><P><A title="Identity Collector and Cisco ISE Integration document" href="https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/general-topics/10644/1/Check%20Point%20and%20ISE%20Intergration%20White%20Paper.pdf" target="_self">https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/general-topics/10644/1/Check%20Point%20and%20ISE%20Intergration%20White%20Paper.pdf</A></P><P>We used below default self signed certificate from ISE</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Untitled.png" style="width: 603px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/8504iA8994CE4D23D31ED/image-size/large?v=v2&amp;px=999" role="button" title="Untitled.png" alt="Untitled.png" /></span></P><P>Can someone, who has done it successfully, let us know the exact steps that were followed and the certificate that need to be exported from ISE? We have followed the above document for 3 times but every time we are getting the same issue.</P> Tue, 20 Oct 2020 10:06:23 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-identity-collector-and-Cisco-ISE-integration/m-p/99568#M10396 Rohit_Raut 2020-10-20T10:06:23Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-identity-collector-and-Cisco-ISE-integration/m-p/99602#M10397 <P>Did you consult <A href="https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_IdentityAwareness_AdminGuide/Default.htm" target="_self">Identity Awareness R80.40 Administration Guide</A> p.86 ? I find that very valuable, same is true of <A class="cp_link sc_ellipsis" style="max-width: 840px;" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk108235&amp;partition=Basic&amp;product=Identity" target="_blank">sk108235: <STRONG>Identity</STRONG> <STRONG>Collector</STRONG> - Technical Overview.</A></P> Tue, 20 Oct 2020 14:23:16 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Checkpoint-identity-collector-and-Cisco-ISE-integration/m-p/99602#M10397 G_W_Albrecht 2020-10-20T14:23:16Z