<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Ubiquiti Unifi and Check Point Integration in API / CLI Discussion</title>
    <link>https://community.checkpoint.com/t5/API-CLI-Discussion/Ubiquiti-Unifi-and-Check-Point-Integration/m-p/66226#M4062</link>
    <description>&lt;P&gt;That.&amp;nbsp; Is SUPER COOL!&amp;nbsp; Great post!&lt;/P&gt;</description>
    <pubDate>Wed, 30 Oct 2019 11:41:24 GMT</pubDate>
    <dc:creator>Tommy_Forrest</dc:creator>
    <dc:date>2019-10-30T11:41:24Z</dc:date>
    <item>
      <title>Ubiquiti Unifi and Check Point Integration</title>
      <link>https://community.checkpoint.com/t5/API-CLI-Discussion/Ubiquiti-Unifi-and-Check-Point-Integration/m-p/66216#M4061</link>
      <description>&lt;P&gt;Here is a simple way to integrate Ubiquiti Unifi systems into Check Point environments using the Unifi API and the Identity API. This solution will query the Unifi controller to gather details about the connected clients for a given Unifi site and/or SSID and create network IDs for each active client. In addition to better visibility, you can also configure Access Role objects for these client identities to be used in the security policy. Since this is querying the Unifi controller, you will need to always have the controller up and running in either a VM/container or by using a cloud key.&lt;/P&gt;
&lt;P&gt;Identity in PDP table of the gateway. All of the details gathered from the Unifi controller are added into the Machine field. For this example a client machine named 'dilligj1-e7470' is active on the 'homenet' Unifi site and also connected to port #12 of the switch.&lt;/P&gt;
&lt;P&gt;&lt;img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2918i055CC638DB12E275/image-size/large?v=v2&amp;amp;px=999" title="pdp entry.PNG" alt="Client identity in pdp table of gateway" /&gt;&lt;/P&gt;
&lt;P&gt;Example log inside SmartConsole showing machine identity. Using the search bar for logs you can also type any of the machine details to search the logs for clients connected to that Unifi site or switch.&lt;/P&gt;
&lt;P&gt;&lt;img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2919i278CD904B991E62E/image-size/large?v=v2&amp;amp;px=999" title="log example.PNG" alt="log example.PNG" /&gt;&lt;/P&gt;
&lt;P&gt;If you want to enforce rules based on Unifi sites and/or SSID, you are able to create an access role object that represents the Unifi site name and SSID (for wireless clients). The name format for this is 'Unifi_&amp;lt;SITENAME&amp;gt;_&amp;lt;SSID&amp;gt;' for wireless and 'Unifi_&amp;lt;SITENAME&amp;gt;' for wired clients.&lt;/P&gt;
&lt;P&gt;&lt;img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2917i014E78D125E87FA3/image-size/large?v=v2&amp;amp;px=999" title="access role example.PNG" alt="access role example.PNG" /&gt;&lt;/P&gt;
&lt;P&gt;For usage examples and the code see my GitHub repository for this project:&amp;nbsp;&lt;A href="https://github.com/joe-at-cp/CPUnifi" target="_blank" rel="noopener"&gt;https://github.com/joe-at-cp/CPUnifi&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;Thanks and Enjoy!&lt;/P&gt;
</description>
      <pubDate>Wed, 30 Oct 2019 11:02:59 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/API-CLI-Discussion/Ubiquiti-Unifi-and-Check-Point-Integration/m-p/66216#M4061</guid>
      <dc:creator>Joe_Dillig</dc:creator>
      <dc:date>2019-10-30T11:02:59Z</dc:date>
    </item>
    <item>
      <title>Re: Ubiquiti Unifi and Check Point Integration</title>
      <link>https://community.checkpoint.com/t5/API-CLI-Discussion/Ubiquiti-Unifi-and-Check-Point-Integration/m-p/66226#M4062</link>
      <description>&lt;P&gt;That.&amp;nbsp; Is SUPER COOL!&amp;nbsp; Great post!&lt;/P&gt;</description>
      <pubDate>Wed, 30 Oct 2019 11:41:24 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/API-CLI-Discussion/Ubiquiti-Unifi-and-Check-Point-Integration/m-p/66226#M4062</guid>
      <dc:creator>Tommy_Forrest</dc:creator>
      <dc:date>2019-10-30T11:41:24Z</dc:date>
    </item>
    <item>
      <title>Re: Ubiquiti Unifi and Check Point Integration</title>
      <link>https://community.checkpoint.com/t5/API-CLI-Discussion/Ubiquiti-Unifi-and-Check-Point-Integration/m-p/66228#M4063</link>
      <description>&lt;P&gt;Thanks, I hope it's useful for you! I am using it at home right now and it's nice to have the visibility in my Check Point logs as to what device on my network is acting up. I have many more plans for the integration where identified threats by Check Point will be blocked from network access by the same script talking back to the Unifi Controller. Some cool things to come with this.&lt;/P&gt;</description>
      <pubDate>Wed, 30 Oct 2019 11:47:23 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/API-CLI-Discussion/Ubiquiti-Unifi-and-Check-Point-Integration/m-p/66228#M4063</guid>
      <dc:creator>Joe_Dillig</dc:creator>
      <dc:date>2019-10-30T11:47:23Z</dc:date>
    </item>
    <item>
      <title>Re: Ubiquiti Unifi and Check Point Integration</title>
      <link>https://community.checkpoint.com/t5/API-CLI-Discussion/Ubiquiti-Unifi-and-Check-Point-Integration/m-p/66608#M4074</link>
      <description>&lt;P&gt;I'm really looking forward to seeing how you'll pass that information back and forth via the Ubiquiti API.&amp;nbsp; Can't wait to see what you guys come up with.&lt;/P&gt;</description>
      <pubDate>Tue, 05 Nov 2019 15:17:41 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/API-CLI-Discussion/Ubiquiti-Unifi-and-Check-Point-Integration/m-p/66608#M4074</guid>
      <dc:creator>Larry_Chisholm</dc:creator>
      <dc:date>2019-11-05T15:17:41Z</dc:date>
    </item>
  </channel>
</rss>

