
How to use Identity Awareness Tags in R80.20.M1

This feature is available for R80.10 Gateways and above.

The new Identity Tag object gives you tag-based identification in your Access Control Policy.

Supported tag sources:

  • Cisco ISE Security Groups
  • Check Point Identity Awareness Portal and API

Step 1: Create a new Identity Tag in SmartConsole.

Step 2: Create an Access Role object and select this Identity Tag.

Step 3: Use this Access Role object in your Access Control Policy.

Step 4: Publish your changes, and Install Policy.


Tell us what you think about this new feature in the comments below.

9 Replies
Authority

Wow cool! When's this going to be available for chassis? 

0 Kudos

Sorry can you elaborate on that? Is this something Management Server tag orchestration can solve?

0 Kudos
Authority

Not exactly but thanks anyways Tomer! We are eagerly awaiting R80 on chassis so that might resolve quite a few challenges :)

0 Kudos
Employee

Hi Kaspars,

We can offer you to join our R80.20SP EA (R80.20 for Scalable Platform) program.

If you are interested, please contact me to discuss the details.

maor@checkpoint.com

Highlighted

Nice post. If users want a deeper view of our integration with Cisco ISE, see this tech brief on Check Point and Cisco Context Aware Security.

Participant

Hi Tomer,

Is any additional configuration required on GW/MGMT/Identity Collector for the SGT-to-IP mapping to show up in the pdp database? I'm having a little trouble with this scenario... I managed to connect ISE to Identity Collector and I'm receiving AD User to IP mapping but SGT-to-IP just doesn't seem to work for me. Maybe there's something wrong with the configuration on the ISE side though... :(

Maybe there's some extended documentation on the CheckPoint-ISE integration? :)

Contributor

Hi Tomer,

Do I understand this correctly if I say that the Data Center object is used to retrieve SGTs from ISE and Identity Collector is used for populating the SGTs on Check Point?

Explorer

Hi
Just to be sure, is the feature indeed working on R80.10 Gateways?
Thanks
0 Kudos
Contributor


@elie wrote:
Hi
Just to be sure, is the feature indeed working on R80.10 Gateways?
Thanks


This feature is available for R80.10 Gateways and above.