This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
OrkhanRustamli
Explorer
‎2020-10-29 03:44 AM

VPN Cert Auth - Read OU for User Groups

Jump to solution

Hi All,

We are implementing certificate authentication for remote VPN without LDAP and AD. ISE is identity store and we are using ISE`s CA feature. 

The authentication is working fine, as auth is going internally in firewall but we also need user groups for policy management.

I wonder is it possible to configre CP to read OU from cert and add users to groups based on OU?

 

Thanks in advance!

0 Kudos
Reply
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2020-11-01 09:23 PM

Jump to solution

I believe we can only retrieve groups from LDAP.
However, if you're integrating with Cisco ISE, you should be able to use Identity Tags as a group source.
See: https://community.checkpoint.com/t5/Policy-Management/How-to-use-Identity-Awareness-Tags-in-R80-20-M... 

View solution in original post

0 Kudos
Reply
1 Reply
PhoneBoy
Admin
Admin
‎2020-11-01 09:23 PM

Jump to solution

I believe we can only retrieve groups from LDAP.
However, if you're integrating with Cisco ISE, you should be able to use Identity Tags as a group source.
See: https://community.checkpoint.com/t5/Policy-Management/How-to-use-Identity-Awareness-Tags-in-R80-20-M... 

View solution in original post

0 Kudos
Reply