This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Joe_Dillig
Employee Alumnus
Employee Alumnus
‎2019-10-30 02:42 AM

Ubiquiti Unifi and Check Point Integration

Here is a simple way to integrate Ubiquiti Unifi systems into Check Point environments using the Unifi API and the Identity API. This solution will query the Unifi controller to gather details about the connected clients for a given Unifi site and/or ssid and create network IDs for each active client. In addition to better visibility, you can also configure Access Roles objects for these client identities to be used in the security policy. Since this is querying the Unifi controller you will need to always have the controller up and running in either a VM/container OR by using a cloud key.

 

Identity in PDP table of the gateway. All of the details gathered from the Unifi controller are added into the Machine field. For this example a client machine named 'dilligj1-e7470' is active on the 'homenet' Unifi site and also connected to port #12 of the switch.

Client identity in pdp table of gatewayClient identity in pdp table of gateway

 

Example log inside SmartConsole showing machine identity. Using the search bar for logs you can also type any of the machine details to search the logs for clients connected to that Unifi site or switch.

log example.PNG

 

If you want to enforce rules based on Unifi sites and/or ssid you are able to create an access role object that represents the Unifi site name and ssid (if wireless clients). The name format for this is 'Unifi_<SITENAME>_<SSID>' for wireless and 'Unifi_<SITENAME>' for wired clients.

access role example.PNG

 

For usage examples and the code see my GitHub repository for this project: https://github.com/joe-at-cp/CPUnifi

 

Thanks and Enjoy!

 

 

 

3 Replies
Tommy_Forrest
Advisor
‎2019-10-30 04:41 AM

That.  Is SUPER COOL!  Great post!

0 Kudos
Joe_Dillig
Employee Alumnus
Employee Alumnus
‎2019-10-30 04:47 AM
In response to Tommy_Forrest

Thanks, I hope its useful for you! I am using it at home right now and its nice to have the visibility in my Check Point logs as to what device on my network is acting up. I have many more plans for the integration where identified threats by Check Point will be blocked from network access by the same script talking back to the Unifi Controller. Some cool things to come with this

Larry_Chisholm
Participant
‎2019-11-05 07:17 AM
In response to Joe_Dillig

I'm really looking forward to seeing how you'll pass that information back and forth via the ubiquiti api.  Can't wait to see what you guys come up with.   

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events