Solved: Activate Identity Web API for SMB centrally manage... - Check Point CheckMates

Quantum Spark Management Unleashed!

Register Here

Introducing Check Point Quantum Spark 2500:
Smarter Security, Faster Connectivity, and Simpler MSP Management!

Learn More

Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall

Learn More

HTTPS Inspection
Help us to understand your needs better

Take the Survey

CheckMates Go:
SharePoint CVEs and More!

Listen Now

Hello,

for the full Gaia Check Points there is an option to activate Identity Web API via SmartConsole.
Where is this option for SMB devices or is this not supported?!

We use this for IA with CloudGuard Connect and would need it for SMB Devices as well.

KR
David

1 Solution

Accepted Solutions

That is true - see sk128612: CloudGuard Controller is supported only on Gaia OS, not on GAiA Embedded.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

11 Replies

This is not possible directly on SMB, as only Browser, AD Query, Identity Agents and RemoteAccess are valid Identity Sources. GAiA Embedded does not support RADIUS Accounting and Identity Collector. But you can select in Identity Sharing: Get Identities from other GW, then these GWs will share the information from Web API, RADIUS Accounting and Identity Collector.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Not the answer I wanted to hear 😉

Yes, get identites from other GWs sounds nice but will not help here because it will not allow to use the Objects generated from CloudGuard Controller in the rules for the SMB Devices... see the attached install_error.jpg (I don't know why but i cannot insert the screenshots directly into this post).

29 KB

That is true - see sk128612: CloudGuard Controller is supported only on Gaia OS, not on GAiA Embedded.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Ok thank you.
One additional point to avoid these embedded devices.

If you need these features you better use GAiA OS. But there are many places these Embedded devices properly perform their tasks...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

I agree that somewhere these are the correct devices. But such minor and simple "features" are no rocket science and should also work with a trimmed embedded Gaia OS. The IA Web API is existing since R77.30(?)

I'm sure this is not the correct forum thread to discuss this here but these limitations are a big pain for us. We would love to use these embedded devices to connect our smaller business sites but at the moment it will not work out. I miss small full Gaia Devices at the same cost level as SMB devices.

🤣

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Hi all,

4 years later with SMB version 81.10.15 it is still the same? This is a big limitation...

Is this already raised as a feature request inside of Check Point?

Best

As far as I know, it is still not supported.
Whether someone has filed an RFE on it or not, if this is a requirement for you, please raise the issue with your local Check Point office.

As noted, the underlying Identity Awareness API is not supported on SMB appliances.
However you should be able to share identities from a regular gateway to an SMB gateway.
Do you have any of those in your environment?

If supporting the IDA API on SMB is a requirement, I highly recommend bringing up the requirement with your local Check Point office.

Yes we have about 22 Full Gaia Devices - so Identity Sharing is possible but still you cannot use the Objects in the Ruleset for SMB Devices.

I already contacted now the local Check Point office 🙂

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

User

Count

11

8

4

4

4

3

2

2

2

2

Upcoming Events

Sort by:

Virtual

Tue 09 Sep 2025 @ 05:00 PM (CEST)

The Future of SD-WAN

Virtual

Tue 09 Sep 2025 @ 03:00 PM (EDT)

Deep Dive Americas: Management API Best Practices

Wed 10 Sep 2025 @ 11:00 AM (CEST)

Effortless Web Application & API Security with AI-Powered WAF, an intro to CloudGuard WAF

Virtual

Wed 10 Sep 2025 @ 11:00 AM (EDT)

Quantum Spark Management Unleashed: Hands-On TechTalk for MSPs Managing SMB Networks

Virtual

Thu 11 Sep 2025 @ 03:00 PM (EDT)

Deep Dive Americas: Remote Access and SASE Best Practices

Virtual

Fri 12 Sep 2025 @ 10:00 AM (CEST)

CheckMates Live Netherlands - Sessie 38: Harmony Email & Collaboration

Virtual

Tue 09 Sep 2025 @ 05:00 PM (CEST)

The Future of SD-WAN

Virtual

Tue 09 Sep 2025 @ 03:00 PM (EDT)

Deep Dive Americas: Management API Best Practices

Virtual

Wed 10 Sep 2025 @ 11:00 AM (EDT)

Quantum Spark Management Unleashed: Hands-On TechTalk for MSPs Managing SMB Networks

Virtual

Thu 11 Sep 2025 @ 03:00 PM (EDT)

Deep Dive Americas: Remote Access and SASE Best Practices

Virtual

Fri 12 Sep 2025 @ 10:00 AM (CEST)

CheckMates Live Netherlands - Sessie 38: Harmony Email & Collaboration

Virtual

Thu 18 Sep 2025 @ 03:00 PM (EDT)

Americas Deep Dive: HTTPS Inspection Best Practices

In-Person

Tue 23 Sep 2025 @ 10:00 AM (CEST)

CheckMates Austria Road Show - CheckMates Live Vienna

In-Person

Tue 23 Sep 2025 @ 04:30 PM (MST)

Tempe, AZ: CloudGuard Network Security and WAF

In-Person

Wed 24 Sep 2025 @ 04:30 PM (PDT)

Las Vegas, NV: CloudGuard Network Security and WAF

In-Person

Thu 25 Sep 2025 @ 10:00 AM (CEST)

CheckMates Austria Road Show - CheckMates Live Linz

In-Person

Wed 01 Oct 2025 @ 12:00 PM (MDT)

Draper, UT: CloudGuard Network Security and WAF

In-Person

Tue 07 Oct 2025 @ 09:30 AM (CEST)

CheckMates Live Denmark!

CheckMates Events