cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

How to use Identity Awareness Tags in R80.20.M1

This feature is available for R80.10 Gateways and above.

The new Identity Tag object gives you tag-based identification in your Access Control Policy.

Supported tag sources:

  • Cisco ISE Security Groups
  • Check Point Identity Awareness Portal and API

Step 1: Create a new Identity Tag in SmartConsole

Step 2: Create an Access Role object and select this Identity Tag

Step 3: Use this Access Role object in your Access Control Policy.

Step 4: Publish your changes, and Install Policy.


Tell us what you think about this new feature in the comments below.

Labels (1)
7 Replies

Re: How to use Identity Awareness Tags in R80.20.M1

Wow cool! When's this going to be available for chassis? 

0 Kudos

Re: How to use Identity Awareness Tags in R80.20.M1

Sorry can you elaborate on that? Is this something Management Server tag orchestration can solve?

0 Kudos

Re: How to use Identity Awareness Tags in R80.20.M1

Not exactly but thanks anyways Tomer! We are eagerly awaiting for R80 on chassis so that might resolve quite a few challenges Smiley Happy

0 Kudos
Employee
Employee

Re: How to use Identity Awareness Tags in R80.20.M1

Hi Kaspars,

We can offer you to join our R80.20SP EA (R80.20 for Scalable Platform) program.

If you are interested, please contact me to discuss the details.

maor@checkpoint.com

Highlighted

Re: How to use Identity Awareness Tags in R80.20.M1

Nice post, if users want a deeper view of our integration with Cisco ISE, see this tech brief on Check Point and Cisco Context Aware Security.

Re: How to use Identity Awareness Tags in R80.20.M1

Hi Tomer,

Is any additional configuration required on GW/MGMT/Identity Collector for the SGT-to-IP mapping to show up in pdp database? I'm having a little trouble with this scenario... I managed to connect ISE to Identity Collector and I'm receiving AD User to IP mapping but SGT-to-IP just doesn't seem to work for me. Maybe there's something wrong with the configuration ISE side though... Smiley Sad

Maybe there's some extended documentation on the CheckPoint-ISE integration? Smiley Happy

Re: How to use Identity Awareness Tags in R80.20.M1

Hi Tomer,

Do I understand this correct if I say the the Data Center object is used to retrive SGT's from ISE and Identity Collector is used for population the SGT's on Check Point?