Here is a simple way to integrate Ubiquiti Unifi systems into Check Point environments using the Unifi controller API and the Check Point Identity API. The solution queries the Unifi controller for the clients currently connected to a given Unifi site and/or SSID and creates an identity on the gateway for each active client. Beyond the added visibility, you can also build Access Role objects from these client identities and use them in the security policy. Because everything is driven by queries to the Unifi controller, the controller has to be up and reachable at all times, either as a VM/container or on a Cloud Key.
Identity in the PDP table of the gateway. All of the details gathered from the Unifi controller are placed in the Machine field. In this example the client machine 'dilligj1-e7470' is active on the 'homenet' Unifi site and is connected to port 12 of the switch.
Example log inside SmartConsole showing the machine identity. In the log search bar you can also type any of the machine details to find the clients connected to a given Unifi site or switch.
If you want to enforce rules based on Unifi sites and/or SSIDs, create an Access Role object that represents the Unifi site name and, for wireless clients, the SSID. The naming format is 'Unifi_<SITENAME>_<SSID>' for wireless clients and 'Unifi_<SITENAME>' for wired clients.
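To make the flow above concrete, here is an added example of the mapping step: it takes the client list the Unifi controller returns and turns it into Check Point Identity Web API add-identity requests that carry the Machine details and the 'Unifi_<SITENAME>_<SSID>' / 'Unifi_<SITENAME>' role names. This is my own illustration, not code from the CPUnifi repository, and it assumes (without confirmation from the post) the classic controller endpoints POST /api/login and GET /api/s/<site>/stat/sta, the Identity Web API endpoint https://<gateway>/_IA_API/v1.0/add-identity with its shared secret, and the sample client records, which are constructed. The sample data is processed offline when the script is run directly; the two network helpers are only called when you wire in real hosts and credentials.

```python
"""Added example, not code from the CPUnifi project: map UniFi controller
client records to Check Point Identity Web API 'add-identity' requests.
Assumed (not confirmed by the post): the classic UniFi controller endpoints
POST /api/login and GET /api/s/<site>/stat/sta, and the Identity Web API
endpoint https://<gateway>/_IA_API/v1.0/add-identity with its shared secret.
"""
import http.cookiejar
import json
import ssl
import urllib.request

# Constructed sample of a stat/sta response (field names follow the UniFi
# controller's JSON; only the fields used here are shown).
SAMPLE_STA = {
    "meta": {"rc": "ok"},
    "data": [
        {"mac": "aa:bb:cc:dd:ee:01", "ip": "10.0.0.12", "hostname": "dilligj1-e7470",
         "is_wired": True, "sw_mac": "00:11:22:33:44:55", "sw_port": 12},
        {"mac": "aa:bb:cc:dd:ee:02", "ip": "10.0.0.33", "hostname": "phone",
         "is_wired": False, "essid": "homewifi", "ap_mac": "00:11:22:33:44:66"},
        {"mac": "aa:bb:cc:dd:ee:03", "ip": "10.0.0.40", "hostname": "guest",
         "is_wired": False, "essid": "guestwifi", "ap_mac": "00:11:22:33:44:66"},
        # Associated but no lease yet: nothing to map an identity to, so skipped.
        {"mac": "aa:bb:cc:dd:ee:04", "is_wired": False, "essid": "homewifi"},
    ],
}


def role_name(site, client):
    """Access Role name convention from the post: Unifi_<SITE>_<SSID> for
    wireless clients, Unifi_<SITE> for wired ones."""
    if client.get("is_wired"):
        return f"Unifi_{site}"
    return f"Unifi_{site}_{client.get('essid', 'unknown')}"


def machine_name(site, client):
    """Value for the Machine field: hostname plus the controller's view of
    where the client is attached, so it can be searched in SmartConsole logs.
    The hostname is self-reported by the client, so it is for visibility only;
    the role comes from site/SSID, which the controller itself observes."""
    base = client.get("hostname") or client["mac"]
    if client.get("is_wired"):
        return f"{base} site={site} switch={client.get('sw_mac')} port={client.get('sw_port')}"
    return f"{base} site={site} ssid={client.get('essid')} ap={client.get('ap_mac')}"


def build_identities(site, sta_response, shared_secret, session_timeout=600, ssid=None):
    """Return one add-identity body per active client that has an IP address.
    ssid, when given, keeps only wireless clients on that SSID (wired clients
    are always kept). session-timeout is set a little above the poll interval
    so an identity expires on its own once a client disappears."""
    bodies = []
    for c in sta_response.get("data", []):
        ip = c.get("ip")
        if not ip:
            continue
        if ssid and not c.get("is_wired") and c.get("essid") != ssid:
            continue
        bodies.append({
            "shared-secret": shared_secret,
            "ip-address": ip,
            "machine": machine_name(site, c),
            "roles": [role_name(site, c)],
            "calculate-roles": 0,        # assumed: use the roles given here, not PDP lookups
            "session-timeout": session_timeout,
        })
    return bodies


def fetch_active_clients(controller, site, username, password, ctx=None):
    """Log in to the UniFi controller and return the stat/sta response.
    Pass an ssl context built from the controller's CA instead of disabling
    verification: the password and every client IP travel over this link."""
    ctx = ctx or ssl.create_default_context()
    opener = urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=ctx),
        urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar()))
    login = urllib.request.Request(
        f"{controller}/api/login",
        data=json.dumps({"username": username, "password": password}).encode(),
        headers={"Content-Type": "application/json"})
    opener.open(login).read()
    with opener.open(f"{controller}/api/s/{site}/stat/sta") as resp:
        return json.load(resp)


def push_identities(gateway, bodies, ctx=None):
    """POST each body to the Identity Web API; return the gateway replies."""
    ctx = ctx or ssl.create_default_context()
    replies = []
    for body in bodies:
        req = urllib.request.Request(
            f"https://{gateway}/_IA_API/v1.0/add-identity",
            data=json.dumps(body).encode(),
            headers={"Content-Type": "application/json"})
        with urllib.request.urlopen(req, context=ctx) as resp:
            replies.append(json.load(resp))
    return replies


if __name__ == "__main__":
    # Offline run over the constructed sample. A real poll would be, e.g.:
    #   sta = fetch_active_clients("https://unifi.example:8443", "homenet", user, pw)
    #   push_identities("gw.example", build_identities("homenet", sta, secret))
    for b in build_identities("homenet", SAMPLE_STA, "REPLACE-ME"):
        print(b["ip-address"], "->", b["roles"][0], "|", b["machine"])
```

Two points worth keeping in mind when running something like this for real: the Identity Web API shared secret and the controller credentials are as sensitive as the policy they drive, so keep them out of the script and verify both TLS endpoints against a CA you control, and pick the session timeout so that a client the controller no longer lists loses its identity on its own rather than keeping its role until the next restart.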
For usage examples and the code see my GitHub repository for this project: https://github.com/joe-at-cp/CPUnifi
Thanks and Enjoy!