Joe_Dillig
Employee Alumnus

Ubiquiti Unifi and Check Point Integration

Here is a simple way to integrate Ubiquiti Unifi systems into Check Point environments using the Unifi API and the Identity API. This solution will query the Unifi controller to gather details about the connected clients for a given Unifi site and/or SSID and create network IDs for each active client. In addition to better visibility, you can also configure Access Roles objects for these client identities to be used in the security policy. Since this is querying the Unifi controller, you will need to always have the controller up and running in either a VM/container OR by using a cloud key.


Identity in PDP table of the gateway. All of the details gathered from the Unifi controller are added into the Machine field. For this example a client machine named 'dilligj1-e7470' is active on the 'homenet' Unifi site and also connected to port #12 of the switch.

[Image: Client identity in pdp table of gateway]


Example log inside SmartConsole showing machine identity. Using the search bar for logs you can also type any of the machine details to search the logs for clients connected to that Unifi site or switch.

[Image: log example.PNG]


If you want to enforce rules based on Unifi sites and/or SSID, you are able to create an access role object that represents the Unifi site name and SSID (if wireless clients). The name format for this is 'Unifi_<SITENAME>_<SSID>' for wireless and 'Unifi_<SITENAME>' for wired clients.

[Image: access role example.PNG]


For usage examples and the code see my GitHub repository for this project: https://github.com/joe-at-cp/CPUnifi


Thanks and Enjoy!
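As an added illustration of the flow the post describes (this is my own example code, not the CPUnifi script from the repository linked above), the block below turns a UniFi controller client listing into Check Point Identity Awareness Web API add-identity requests, packing the site, SSID and switch port into the Machine field and assigning the Access Role name in the 'Unifi_<SITENAME>_<SSID>' / 'Unifi_<SITENAME>' format. The UniFi field names (`hostname`, `ip`, `mac`, `is_wired`, `essid`, `sw_port`), the controller paths `/api/login` and `/api/s/<site>/stat/sta`, the IA API path `/_IA_API/v1.0/add-identity`, its JSON keys and the Machine-field layout are all assumptions on my part; the sample client list is constructed, so the payload-building part runs offline.

```python
import json
import ssl
import urllib.request
from http.cookiejar import CookieJar

# Constructed sample of what the UniFi controller returns for
# GET /api/s/<site>/stat/sta (the "data" list). Field names follow the
# classic controller API as I understand it; treat them as assumptions.
SAMPLE_CLIENTS = [
    {"hostname": "dilligj1-e7470", "ip": "192.168.1.50",
     "mac": "aa:bb:cc:dd:ee:01", "is_wired": True, "sw_port": 12},
    {"hostname": "phone", "ip": "192.168.1.51",
     "mac": "aa:bb:cc:dd:ee:02", "is_wired": False, "essid": "homenet-wifi"},
    {"ip": "192.168.1.52",  # no hostname reported: fall back to the MAC
     "mac": "aa:bb:cc:dd:ee:03", "is_wired": False, "essid": "guest"},
]


def role_name(site, client):
    """Access Role name in the format the post describes:
    Unifi_<SITENAME>_<SSID> for wireless clients, Unifi_<SITENAME> for wired."""
    if client.get("is_wired"):
        return f"Unifi_{site}"
    return f"Unifi_{site}_{client['essid']}"


def machine_name(site, client):
    """Pack the UniFi details into the Machine field. The exact layout is
    my choice here (hypothetical), not the CPUnifi script's."""
    base = client.get("hostname") or client["mac"]
    if client.get("is_wired"):
        return f"{base}_{site}_port{client.get('sw_port', 'unknown')}"
    return f"{base}_{site}_{client['essid']}"


def build_identity(site, client, shared_secret, session_timeout=3600):
    """One add-identity request body for the Identity Awareness Web API
    (assumed keys: shared-secret, ip-address, machine, roles, session-timeout)."""
    return {
        "shared-secret": shared_secret,
        "ip-address": client["ip"],
        "machine": machine_name(site, client),
        "roles": [role_name(site, client)],
        "session-timeout": session_timeout,
    }


def build_identities(site, clients, shared_secret, ssid=None):
    """Payloads for every active client on the site; if ssid is given, only
    wireless clients on that SSID are included (wired clients have no SSID)."""
    selected = [
        c for c in clients
        if ssid is None or (not c.get("is_wired") and c.get("essid") == ssid)
    ]
    return [build_identity(site, c, shared_secret) for c in selected]


def _tls_context(verify_tls):
    ctx = ssl.create_default_context()
    if not verify_tls:  # only for lab controllers/gateways with self-signed certs
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def fetch_unifi_clients(controller_url, site, username, password, verify_tls=True):
    """Live lookup against a controller (network call, not exercised offline).
    Paths are the classic controller API; UniFi OS consoles prefix them
    differently, so adjust if needed."""
    opener = urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(CookieJar()),
        urllib.request.HTTPSHandler(context=_tls_context(verify_tls)))
    login = urllib.request.Request(
        f"{controller_url}/api/login",
        data=json.dumps({"username": username, "password": password}).encode(),
        headers={"Content-Type": "application/json"})
    opener.open(login).read()
    with opener.open(f"{controller_url}/api/s/{site}/stat/sta") as resp:
        return json.load(resp)["data"]


def push_identity(gateway_host, payload, verify_tls=True):
    """Send one identity to the gateway's IA Web API (network call, not
    exercised offline); the gateway must have the IA Web API enabled."""
    req = urllib.request.Request(
        f"https://{gateway_host}/_IA_API/v1.0/add-identity",
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, context=_tls_context(verify_tls)) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Offline run over the constructed sample: print the payloads that would be sent.
    for body in build_identities("homenet", SAMPLE_CLIENTS, "<shared-secret-placeholder>"):
        print(json.dumps(body))
```

The Access Role objects named in `roles` (for example `Unifi_homenet` and `Unifi_homenet_homenet-wifi`) are expected to already exist in SmartConsole, and the `shared-secret` must match the one configured for the Identity Web API client on the gateway; `session-timeout` bounds how long a stale entry survives if a client leaves before the next poll, so pick it relative to the polling interval.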


3 Replies
Tommy_Forrest
Advisor

That. Is SUPER COOL! Great post!

Joe_Dillig
Employee Alumnus

Thanks, I hope it's useful for you! I am using it at home right now and it's nice to have the visibility in my Check Point logs as to what device on my network is acting up. I have many more plans for the integration where identified threats by Check Point will be blocked from network access by the same script talking back to the Unifi Controller. Some cool things to come with this.

Larry_Chisholm
Participant

I'm really looking forward to seeing how you'll pass that information back and forth via the Ubiquiti API. Can't wait to see what you guys come up with.
