This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
_Val_
Admin
Admin
‎2019-05-14 08:21 AM

White Paper - Integration of Check Point Identity Collector and Cisco ISE

Author

Edmund Carbon

@Edmund_Carbon 

Abstract:

The Check Point Identity Awareness Software Blade provides detailed visibility into users, groups, and machines. It provides application and access control through the creation of identity-based firewall policies in a Check Point deployment along with event monitoring and reporting. Cisco ISE integrates with Check Point’s software blade to provide real-time and comprehensive identity and network privilege context. That includes user IP address, name, group, and Cisco TrustSec® security group tag information.
This integration provides Check Point gateways with better visibility of user activities while improving control of corporate resources. ISE helps the Check Point console to display contextual information associated with an event, such as the user’s identity and level of access. This finer level of detail from ISE can reduce threats and data loss by restricting access to resources by users and devices.

This guide provides step by step instruction for establishing trust between Check Point Identity Collector and Cisco ISE Server by using self-signed certificates.

 

For the full list of White Papers, go here

Preview file
3028 KB
3 Replies
Paul_Gademsky
Employee
Employee
‎2019-07-08 11:51 AM

Valeri,

Thank you for preparing this, I've been going round in circles with TS on trying to get this to work, and they have had no resources to get this to work.  I'll add the link to my case, and work through this (the cert part is where I've gotten stuck).

Paul G, CCSM

0 Kudos
Vinz129
Participant
‎2022-08-12 06:51 AM

Hello @_Val_ 

Since release 3.1, Cisco ISE has ceased to work with pxGrid version 1.0, therefore we must use pxGrid 2.0 which is based on WebSockets.

The "CP and ISE integration White paper" was written during the time that pxGrid 1.0 was used.

I’ve had a quick look at the CP knowledge base (sk108235) and they state “For Cisco ISE PxGrid 2.0 integration Open JDK can be used.”

Do you know if the "CP and ISE integration White paper" is still valid for pxGrid 2.0 integrations ?
Any changes to the procedure/steps ?

Thanks,

Vince

0 Kudos
_Val_
Admin
Admin
‎2022-08-12 07:22 AM
In response to Vinz129

This is a fairly old white paper, and it may not be relevant anymore. @Edmund_Carbon can you please comment?

0 Kudos