HaTM
Explorer

Identity Awareness - R81.20 For Lab

I set up a virtual lab with Check Point Firewall Security Management and Standalone R81.20 to test the integration of the Aruba ClearPass Policy Manager solution. When I enabled the Identity Awareness feature on Check Point and tried to post an API call to the Firewall address, there was no response. Therefore, I tried using Postman and a browser to reach the Firewall's API address, but both showed a 404 Error "No URL" result as shown below:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>

<HEAD>
    <TITLE> 404 File Not Found </TITLE>
</HEAD>

<BODY>

    The URL you requested could not be found on this server.
So I really need help to resolve this issue, thanks!
11 Replies
PhoneBoy
Admin

What precise steps were taken to enable Identity Awareness on the gateway?
At the very least you need to enable the blade and push policy to the relevant gateway.

HaTM
Explorer

Hi, thanks for your response.

I have reinstalled the lab and successfully sent API using Postman. Currently, I am encountering issues sending API from ClearPass Policy Manager to the Firewall. I have configured the Context Server actions on ClearPass and tested by logging in/out users from CP OnGuard Agent; however, I do not see any Identity Awareness logs on Check Point. How can I troubleshoot the log sending/receiving between these two servers? I would greatly appreciate your guidance.

PhoneBoy
Admin

I'm not familiar with the integration with Aruba.
Generally speaking, though:

  • Users should be communicated to our gateways via the IDA API 
  • Groups (necessary for Access Roles) will come from LDAP (usually from on-premise Active Directory)

I'd start by checking the Aruba side of this to make sure it is sending us information.
A simple tcpdump should verify the Aruba server is sending traffic to the gateway on port 443.

HaTM
Explorer

Thank you for your response. I have currently opened a support case with Aruba TAC to debug why the API is not being sent from ClearPass. I have an additional question: with this integration, does CheckPoint require user authentication (via LDAP or AD)? Can I create a dynamic policy to manage user access on CheckPoint based solely on parameters such as IP address and the ClearPass PC health check results?

PhoneBoy
Admin

Identity Awareness receives information via Identity Agents, Identity Collector, or the Identity Awareness API (e.g. for Aruba Clearpass).
Among this information is the user...which is not strictly required.
However, one or more Identity Tags would probably need to be defined to create the relevant Access Policy rules.

HaTM
Explorer

Hi, I tried to post an API call to the Firewall IA API via Postman with this content:

{"shared-secret":"**********", "user": "NACAdmin","ip-address":"1.2.3.4","identity-source": "Aruba ClearPass Policy Manager","calculate-roles":0,"fetch-user-groups": 0,"fetch-machine-groups": 0,"roles": "[%{Role Test}]"}

But I got this result:

   "message": "Unexpected type 'string' for parameter 'roles' in object of type 'add-identity'. Type should be convertible to array"
 
So how can I push the roles of a user to the Firewall? Because according to Check Point's guide here https://sc1.checkpoint.com/documents/latest/IdentityAPIs/#web/add-identity~v1%20
I can send the role name to CP.
PhoneBoy
Admin

Roles need to be an array, which is enclosed in square brackets.
The roles listed between the square brackets must be enclosed in quotes (i.e. strings).
Your JSON should look like this:

{
  "shared-secret": "**********",
  "user": "NACAdmin",
  "ip-address": "1.2.3.4",
  "identity-source": "Aruba ClearPass Policy Manager",
  "calculate-roles": 0,
  "fetch-user-groups": 0,
  "fetch-machine-groups": 0,
  "roles": ["Role Test"]
}

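The two mistakes this thread runs into, roles sent as a string instead of an array (the "Type should be convertible to array" error above) and, later, a client that omits ip-address, can be caught before the request leaves the client. The following is an added example written for this post, not Check Point's or Aruba's code; it assumes the Identity Awareness Web API path /_IA_API/v1.0/add-identity on the gateway, the request fields shown in the reply above, and that the gateway answers with a JSON body.

```python
import ipaddress
import json
import ssl
import urllib.request

# Assumed endpoint path of the Identity Awareness Web API (not stated in the thread).
ADD_IDENTITY_PATH = "/_IA_API/v1.0/add-identity"


def build_add_identity(shared_secret, user, ip_address, roles,
                       identity_source="Aruba ClearPass Policy Manager"):
    """Build the add-identity body, rejecting the two mistakes seen in this thread:
    roles passed as a string instead of an array, and a missing ip-address."""
    if isinstance(roles, str) or not all(isinstance(r, str) for r in roles):
        raise TypeError("'roles' must be an array of strings, e.g. [\"Role Test\"]")
    if not ip_address:
        raise ValueError("'ip-address' is required; the gateway maps identities by IP")
    ipaddress.ip_address(ip_address)  # raises ValueError on a malformed address
    return {
        "shared-secret": shared_secret,
        "user": user,
        "ip-address": ip_address,
        "identity-source": identity_source,
        "calculate-roles": 0,
        "fetch-user-groups": 0,
        "fetch-machine-groups": 0,
        "roles": list(roles),
    }


def post_add_identity(gateway, body, verify_tls=True):
    """POST the body to the gateway's IA API and return the parsed JSON reply."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # only for a lab gateway that still has a self-signed certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(
        f"https://{gateway}{ADD_IDENTITY_PATH}",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.loads(resp.read().decode())


if __name__ == "__main__":
    # Constructed sample values; replace the secret and gateway with your lab's.
    body = build_add_identity("CHANGE-ME", "NACAdmin", "1.2.3.4", ["Role Test"])
    print(json.dumps(body, indent=2))
    # print(post_add_identity("192.0.2.1", body, verify_tls=False))
```

A request built this way mirrors the corrected JSON in the reply above, and a packet capture on the gateway (as suggested earlier in the thread) should then show the same body on port 443.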
HaTM
Explorer

Hi PhoneBoy, thanks for your reply.

I have successfully sent a manual API call and the Check Point Firewall has added the identity for the user. Currently, I am having an issue with ClearPass sending the API call automatically to Check Point. By capturing packets with Wireshark at the Firewall, I observed that there was a POST message sent from ClearPass. However, there is no record in the logs for blade IA. What should I do to debug this case? Please help me.

PhoneBoy
Admin

Can you see the exact API call with JSON body sent by Clearpass to the gateway?
Without that, and given that you were able to make a successful API call on your own, I assume this issue is on the Clearpass side.

HaTM
Explorer

Yes, I have a Wireshark capture of the API packet sent to Check Point; ClearPass is not enclosing the ip-address parameter in outgoing communications, thus the current issue lies with ClearPass. I have opened a case with Aruba TAC and hope they can assist me in resolving this issue. Additionally, I would like to inquire about licenses for the lab. Where can I obtain a temporary license, as my current lab setup will run out of its license in a few days?

PhoneBoy
Admin

You can generate evaluation licenses via UserCenter, as described here: https://community.checkpoint.com/t5/General-Topics/How-to-Request-an-Evaluation-License-for-Security...

