Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Us4r
Contributor

Identity Agent Support for 1500 Appliances and Quantum Edge

Hello,

 

we investigate to use checkpoints Identity Awarenss - Agent on our productive environment.

 

On Full Gaia and 1400 - Gateways the Agent is supported, also see sk97751. On this page 1500 Appliances or the Cloudguard Edge / Quantum Edge devices are not mentioned.

Also this feature isn't listed as unsupported (or supported) feature in sk159772 or sk166513.

 

I know that the Identity Awareness agent can establish a connection to 1500 or Cloudguard Edge appliances and that it is working there as expected.

 

Is there a official support from checkpoint side if problems would occur when using Checkpoint Identity Agent in conuction with a cloudguard edge/1500 gateway?

 

Thanks for response.

 

Regards

 

 

Florian

 

0 Kudos
11 Replies
G_W_Albrecht
Legend
Legend

Afaik IA Agent is supported on Centrally Managed 15x0 1600 1800 SMB appliances with the limitations from sk97751.

CCSE CCTE SMB Specialist
0 Kudos
Us4r
Contributor

yes that would be great to know if it's official supported from checkpoint in case we need to create a support ticket. Does anyone else also confirm this for cloudguard edge which has the same code base like 15x0 appliances?

0 Kudos
Amir_Erman
Employee
Employee

IA agent is not working on SMB R80.20.x code base, hence is not working on CGE

0 Kudos
Us4r
Contributor

Hello Amir_Erman,

 

I thought SMB 1500 Gateways have the same codebase? I also tried it today if CP Identity Agent connect is working on 1500 Appliances with installed Version R80.20.30 build 992002285 and it's working like expected.

 

=> This should be also R80.20.x code base like CGE will use or did I something missunderstand?

0 Kudos
G_W_Albrecht
Legend
Legend

This is a centrally managed SMB 1500 Gateway, i suppose ?

CCSE CCTE SMB Specialist
0 Kudos
Us4r
Contributor

Yes is centrally managed. In the future also all of our Cloudguard Edge installations would be centrally managed. Some month ago we also had a test installation of cloudguard Edge instances (Version Check_Point_CloudGuard_Edge_R80.20.10_Generic_06012020) during a SD-WAN PoC and there the Identity Awareness agent was working as expected with CGE. I wondering why it shouldn't work now? If it would work in our scenario would I get support in case of a problem?

0 Kudos
G_W_Albrecht
Legend
Legend

As i wrote before: This is supported on centrally managed SMB gateways - Centrally Managed 1100 / 1200R / 1400 appliances support Identity Agent since R77.20.31. For centrally managed 15x0 1600 1800 appliances and CloudGuard Edge R80.20.xx, i still wait for R&D feedback on sk97751, but i am pretty sure they are also supported, as all the R77.20.xx features are also available in R80.20.xx.

CCSE CCTE SMB Specialist
Us4r
Contributor

Great. Please update this post as soon as you get this official feedback. 

 

Thanks.

0 Kudos
G_W_Albrecht
Legend
Legend

First feedback was received:

I have confirmed that although it is unlikely that the behavior of this feature changed for 1500/1600/1800 appliances, we will need to run a QA test before we add those appliances to the sk. R&D has, based on your feedback, asked QA to test this for R80.20. I do not yet have an ETA for the QA test, but will update the sk accordingly as soon as I hear back.

CCSE CCTE SMB Specialist
Us4r
Contributor

Great. I also did test it and it's working as expected. We would be really happy when this feature will be official supported from checkpoint side. When supported for 1500 devices with R80.20.x then I think it should be also supported for CGEdge in the future. 🙂

0 Kudos
Chris_Atkinson
Employee
Employee

sk159772 known limitations notes the following:

"Identity Agent is not supported on 1500, 1600, and 1800 Quantum Spark Appliances.”

 

0 Kudos