Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
D_W
Advisor
Jump to solution

Activate Identity Web API for SMB centrally managed

Hello,

for the full Gaia Check Points there is an option to activate Identity Web API via SmartConsole.
Where is this option for SMB devices or is this not supported?!

We use this for IA with CloudGuard Connect and would need it for SMB Devices as well.

KR
David

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend
Legend

That is true - see sk128612: CloudGuard Controller is supported only on Gaia OS, not on GAiA Embedded.

CCSE CCTE CCSM SMB Specialist

View solution in original post

0 Kudos
9 Replies
G_W_Albrecht
Legend
Legend

This is not possible directly on SMB, as only Browser, AD Query, Identity Agents and RemoteAccess are valid Identity Sources. GAiA Embedded does not support RADIUS Accounting and Identity Collector. But you can select in Identity Sharing: Get Identities from other GW, then these GWs will share the information from Web API, RADIUS Accounting and Identity Collector.

CCSE CCTE CCSM SMB Specialist
0 Kudos
D_W
Advisor

Not the answer I wanted to hear 😉

Yes, get identites from other GWs sounds nice but will not help here because it will not allow to use the Objects generated from CloudGuard Controller in the rules for the SMB Devices... see the attached install_error.jpg (I don't know why but i cannot insert the screenshots directly into this post).

0 Kudos
G_W_Albrecht
Legend
Legend

That is true - see sk128612: CloudGuard Controller is supported only on Gaia OS, not on GAiA Embedded.

CCSE CCTE CCSM SMB Specialist
0 Kudos
D_W
Advisor

Ok thank you.
One additional point to avoid these embedded devices.

0 Kudos
G_W_Albrecht
Legend
Legend

If you need these features you better use GAiA OS. But there are many places these Embedded devices properly perform their tasks...

CCSE CCTE CCSM SMB Specialist
0 Kudos
D_W
Advisor

I agree that somewhere these are the correct devices. But such minor and simple "features" are no rocket science and should also work with a trimmed embedded  Gaia OS. The IA Web API is existing since R77.30(?)

I'm sure this is not the correct forum thread to discuss this here but these limitations are a big pain for us. We would love to use these embedded devices to connect our smaller business sites but at the moment it will not work out. I miss small full Gaia Devices at the same cost level as SMB devices.

0 Kudos
G_W_Albrecht
Legend
Legend

🤣

CCSE CCTE CCSM SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin

As noted, the underlying Identity Awareness API is not supported on SMB appliances.
However you should be able to share identities from a regular gateway to an SMB gateway.
Do you have any of those in your environment?

If supporting the IDA API on SMB is a requirement, I highly recommend bringing up the requirement with your local Check Point office.

0 Kudos
D_W
Advisor

Yes we have about 22 Full Gaia Devices - so Identity Sharing is possible but still you cannot use the Objects in the Ruleset for SMB Devices.

I already contacted now the local Check Point office 🙂

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events