https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Broker/m-p/232617#M44934 <P>As far as I know, you only need to check that box if you are actually receiving identities from Identity Broker, not publishing them.<BR />It's also not explicitly mentioned in the documentation for configuring a publisher, though it is for a subscriber:&nbsp;<A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_IdentityAwareness_AdminGuide/Content/Topics-IDAG/Identity-Broker-Configuration.htm" target="_blank">https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_IdentityAwareness_AdminGuide/Content/Topics-IDAG/Identity-Broker-Configuration.htm</A></P> Wed, 13 Nov 2024 16:22:44 GMT PhoneBoy 2024-11-13T16:22:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Broker/m-p/232566#M44908 <P>Dear Check Mates</P><P>I have a some questions regarding IDA with Broker function.</P><P>My enviornment is R81.20 with actual JHFs. The management site is an MDM and the gateway site is a VSX Gateway Cluster.</P><P><BR />I one of the management domain is a virtuall system "ida-gateway-publisher" which collects identities. There is on other function on this gateway. This gateway is the broker-publisher.</P><P>There are seven other managment domains. In every one is a VSX gateway working as broker-subscriber.</P><P><BR />Do I need to activate the check box für "Get identieties from Identity Broker" for the gateway "ida-gateway-publisher"?<BR />For me the discribtion sounds like it needs only to be checked, if it as Identity Broker Subscriber.</P><P><BR />If it must be checked, do I need a certificate and must this certificate read / imported by the "BrokerCertFetcher" command?</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Broker.jpg" style="width: 506px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/28446i5BE557BB49F7D624/image-dimensions/506x309?v=v2" width="506" height="309" role="button" title="Broker.jpg" alt="Broker.jpg" /></span></P><P>&nbsp;</P><P>Any Idea / any hint's?<BR /><BR />Many thanks and best regards,</P><P>Christian</P> Wed, 13 Nov 2024 13:44:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Broker/m-p/232566#M44908 Christian_Koehl 2024-11-13T13:44:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Broker/m-p/232617#M44934 <P>As far as I know, you only need to check that box if you are actually receiving identities from Identity Broker, not publishing them.<BR />It's also not explicitly mentioned in the documentation for configuring a publisher, though it is for a subscriber:&nbsp;<A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_IdentityAwareness_AdminGuide/Content/Topics-IDAG/Identity-Broker-Configuration.htm" target="_blank">https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_IdentityAwareness_AdminGuide/Content/Topics-IDAG/Identity-Broker-Configuration.htm</A></P> Wed, 13 Nov 2024 16:22:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Broker/m-p/232617#M44934 PhoneBoy 2024-11-13T16:22:44Z