kishorskmca_kp
Participant

Integrating with NAC device such as Cisco ISE using Radius protocol for the VPN identity management

We are using AD as identity management to allow users for remote access VPN. We have defined some Access Roles for several AD Groups in the Access policy, but we have observed that every AD user can log in via the VPN client (endpoint security), regardless of whether the user has a security policy associated or not. If the user is not included in a security policy, of course, they are not able to access anything, but they can still log in successfully on the VPN client.

So, somehow, we would like to allow the AD authentication for remote access VPN just for those users belonging to the Access Roles or for some specific AD Groups.

Can I integrate with NAC device such as Cisco ISE using Radius protocol for the VPN identity management?

0 Kudos
2 Replies
RS_Daniel
Contributor

Hi,

For "allow the AD authentication for remote access VPN just for those users belonging to the Access Roles" >> https://community.checkpoint.com/t5/Remote-Access-VPN/How-to-restrict-the-MS-Active-Directory-Authen...

You have to define LDAP groups inside SmartConsole and use them in the remote access community to define which users/groups can authenticate through remote access.

For "Can I integrate with NAC device such as Cisco ISE using Radius protocol for the VPN identity management?" >> I only tested it like a regular RADIUS server and had no problem; I did not try posture or more advanced authorization policy.

0 Kudos
Silesio
Contributor