This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kyithuaung
Participant
‎2021-05-31 09:44 PM

Identity Awareness Agnet Deployment with cluster environment but it is disconnect.

Hello,

I'm going to configure Identity Awareness Agent Deployment with cluster environment but it is disconnect. I used security gateway address with cluster ip. There is no review button in the agent software and no trust box appears for certificate. When I find it in google and checkpoint group that it need identity sharing configuration. Identity Agents can be connected to only one Identity Awareness security Gateway. If no sharing is enabled it will not work with Identity Awareness security Gateway. Do I need to Identity sharing configuration? If need please share me " How to configure Identity sharing configuration and what is need?"

Preview file
149 KB
0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2021-05-31 09:56 PM

Identity Sharing can be configured as described here: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_IdentityAwareness_AdminGuide/Topic... 

However, I don't believe this is necessary unless the cluster is sharing identities with other gateways/clusters.
Let's start with the basics: Can you telnet to the relevant IP on port 443 and get a connection?
If you cannot, then you either have a policy not configured to allow it or some other device in the network is blocking the connection. 

It might also help to know versions/JHF levels of everything as well. 

0 Kudos
kyithuaung
Participant
‎2021-05-31 10:10 PM
In response to PhoneBoy

Hello Phone Boy,

Thanks for your reply. I have policy configure to allow is any. I can get telnet to the relevant IP and accept 443 port in log. Jumbo HotFix version is T87 and OS version is R80.40. Please give me any suggestion.id accept.jpeg

0 Kudos
PhoneBoy
Admin
Admin
‎2021-05-31 10:15 PM
In response to kyithuaung

Have you configured Identity Agent as an Identity Source in the gateway and pushed policy?
Please share a screenshot of your cluster object with the Identity Awareness settings.

0 Kudos
kyithuaung
Participant
‎2021-05-31 10:49 PM
In response to PhoneBoy

Hello Phone Boy,
Please kindly see the attached file for your mentioned screenshot.1.png2.png3.png4.png5.png6.png

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events