Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
D_W
Collaborator

Activate Identity Web API for SMB centrally managed

Jump to solution

Hello,

for the full Gaia Check Points there is an option to activate Identity Web API via SmartConsole.
Where is this option for SMB devices or is this not supported?!

We use this for IA with CloudGuard Connect and would need it for SMB Devices as well.

KR
David

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend
Legend

That is true - see sk128612: CloudGuard Controller is supported only on Gaia OS, not on GAiA Embedded.

View solution in original post

0 Kudos
9 Replies
G_W_Albrecht
Legend
Legend

This is not possible directly on SMB, as only Browser, AD Query, Identity Agents and RemoteAccess are valid Identity Sources. GAiA Embedded does not support RADIUS Accounting and Identity Collector. But you can select in Identity Sharing: Get Identities from other GW, then these GWs will share the information from Web API, RADIUS Accounting and Identity Collector.

0 Kudos
D_W
Collaborator

Not the answer I wanted to hear 😉

Yes, get identites from other GWs sounds nice but will not help here because it will not allow to use the Objects generated from CloudGuard Controller in the rules for the SMB Devices... see the attached install_error.jpg (I don't know why but i cannot insert the screenshots directly into this post).

0 Kudos
G_W_Albrecht
Legend
Legend

That is true - see sk128612: CloudGuard Controller is supported only on Gaia OS, not on GAiA Embedded.

View solution in original post

0 Kudos
D_W
Collaborator

Ok thank you.
One additional point to avoid these embedded devices.

0 Kudos
G_W_Albrecht
Legend
Legend

If you need these features you better use GAiA OS. But there are many places these Embedded devices properly perform their tasks...

0 Kudos
D_W
Collaborator

I agree that somewhere these are the correct devices. But such minor and simple "features" are no rocket science and should also work with a trimmed embedded  Gaia OS. The IA Web API is existing since R77.30(?)

I'm sure this is not the correct forum thread to discuss this here but these limitations are a big pain for us. We would love to use these embedded devices to connect our smaller business sites but at the moment it will not work out. I miss small full Gaia Devices at the same cost level as SMB devices.

0 Kudos
G_W_Albrecht
Legend
Legend

🤣

0 Kudos
PhoneBoy
Admin
Admin

As noted, the underlying Identity Awareness API is not supported on SMB appliances.
However you should be able to share identities from a regular gateway to an SMB gateway.
Do you have any of those in your environment?

If supporting the IDA API on SMB is a requirement, I highly recommend bringing up the requirement with your local Check Point office.

0 Kudos
D_W
Collaborator

Yes we have about 22 Full Gaia Devices - so Identity Sharing is possible but still you cannot use the Objects in the Ruleset for SMB Devices.

I already contacted now the local Check Point office 🙂

0 Kudos