Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Sapphire

SMB Identity Collector Mystery

If we follow sk123858: Identity Collector support on SMB Appliances, Identity Collector is not supported with 1100, 1200R, 1400, 600, 700 Gaia Embedded R77.20, R75.20 Appliances and the same is declared in sk108235 - Identity Collector - Technical Overview. sk105380 Features and Known Limitations for R77.20.xx does not mention it, but in sk159772 Check Point R80.20 for 1500 Appliances Features and Known Limitations we find that Identity Collector is supported neither Locally nor Centrally managed !

The background for this limitation: The PDP of SMB Appliances has no API listening to tcp/443.

But Identity Sharing between PDP on a Gaia GW and PEPs on SMB Appliances do work, see sk106965: Identity Sharing does not work with SMB appliance running for details.

So we have tested in lab a central GAiA GW with SMB star VPN topology. Identity Collector updates the GAiA GW and the GAiA GW performs Identity Sharing with the PEPs on the SMB Appliances! This does work, so sk123858 seems a little too narrow-minded...😎

 

1 Reply
Highlighted
Admin
Admin

You're correct, the underlying issue is the Identity Awareness API is not supported on SMB appliances.
Any feature that relies on this API is therefore not supported…at least directly.
If you have a regular gateway in the environment and implement identity sharing with the SMB appliances, that most definitely works.
Not sure exactly how to best represent this in the SK, though.
0 Kudos