Thank you for your feedback. We're currently implementing Identity Management (using Microsoft Active Directory and Cisco ISE).
At the moment, we have the following set up:
- A VSX/VSLS cluster (R80.20)
- A Security Management Server (R80.20)
- Identity Collector (sk134312)
- Identity Agent Terminal Server (sk134312), running on Windows 2012
The online documentation (i.e. the Identity Awareness R80.20 Administration Guide) is not reflecting those updates. It would be nice to have the online documentation be aligned with the latest updates.
We're also experiencing connections issues on the terminal servers.
Since the installation of the Terminal Server Agent, sometimes all tcp ports on the server are occupied (port starvation); resulting in connection errors (hence: user frustration). The number of users is less than 20.
Today, we've experienced a TS crash, caused by the agent:
(A TAC case has been opened for that).
The Check Point community is also asking for a best practices and configuration document on how to integrate Check Point Identity with Cisco ISE. Is this something you can provide, because your team did the tests up to ISE 2.4.