Jonathan_Langle
Participant

Forescout NAC Identity Awareness API

We have the Check Point integration to Forescout so we can add users to Access Roles in our security policy. This is mostly working outside of one piece, the IP-to-user mapping. It would appear Forescout is sending the EXAMPLE\Username instead of what our LDAP Account Unit is configured for, which would be EXAMPLE.Domain.com as an example.

 

Has anyone else used this integration and run into this? I tried changing the UserLoginAttr on the gateway object to UserPrincipalName but no dice. The error I am seeing is the following: Failed to get users groups for the domain. Verify that this domain name is configured in your LDAP Account Unit. Domain: EXAMPLE

0 Kudos
3 Replies
PhoneBoy
Admin

Have you approached Forescout related to this?
Can you include a (redacted) log card as well as version/JHF level?

0 Kudos
Jonathan_Langle
Participant

Not yet, I have a ticket open with Support now and sent them PDP and PEP logs. Here I don't have much of a log to go off of, but this is in SmartConsole:

 

Failed to get users groups for the domain.
Verify that this domain name is configured in your LDAP Account Unit.
Domain: DOMAIN

 

Our domain in the LDAP Account Unit is DOMAIN.EXAMPLE.COM and the domain on the Forescout side is sending just DOMAIN.

0 Kudos
Kirupa_Shankar_
Explorer

Hello @Jonathan_Langle, were you able to implement this successfully?

We are trying the integration to send Forescout-identified device classifications to Check Point Access Roles to be used in the policy. Your insight will be helpful.

0 Kudos
