This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tomer_Sole
Employee Alumnus
Employee Alumnus
‎2018-08-08 11:59 PM

How to use Identity Awareness Tags in R80.20.M1

This feature is available for R80.10 Gateways and above.

The new Identity Tag object gives you tag-based identification in your Access Control Policy.

Supported tag sources:

  • Cisco ISE Security Groups
  • Check Point Identity Awareness Portal and API

Step 1: Create a new Identity Tag in SmartConsole

Step 2: Create an Access Role object and select this Identity Tag

Step 3: Use this Access Role object in your Access Control Policy.

Step 4: Publish your changes, and Install Policy.


Tell us what you think about this new feature in the comments below.

Labels
10 Replies
Kaspars_Zibarts
Authority
Authority
‎2018-08-09 12:45 AM

Wow cool! When's this going to be available for chassis? 

0 Kudos
Tomer_Sole
Employee Alumnus
Employee Alumnus
‎2018-08-09 01:02 AM
In response to Kaspars_Zibarts

Sorry can you elaborate on that? Is this something Management Server tag orchestration can solve?

0 Kudos
Kaspars_Zibarts
Authority
Authority
‎2018-08-09 01:07 AM
In response to Tomer_Sole

Not exactly but thanks anyways Tomer! We are eagerly awaiting for R80 on chassis so that might resolve quite a few challenges Smiley Happy

0 Kudos
Maor_Elharar
Employee
Employee
‎2018-08-16 06:28 AM
In response to Kaspars_Zibarts

Hi Kaspars,

We can offer you to join our R80.20SP EA (R80.20 for Scalable Platform) program.

If you are interested, please contact me to discuss the details.

maor@checkpoint.com

Bob_Bent
Mod
Mod
‎2018-08-09 09:26 AM

Nice post, if users want a deeper view of our integration with Cisco ISE, see this tech brief on Check Point and Cisco Context Aware Security.

Miroslaw_Kozmic
Participant
‎2018-09-18 02:32 PM

Hi Tomer,

Is any additional configuration required on GW/MGMT/Identity Collector for the SGT-to-IP mapping to show up in pdp database? I'm having a little trouble with this scenario... I managed to connect ISE to Identity Collector and I'm receiving AD User to IP mapping but SGT-to-IP just doesn't seem to work for me. Maybe there's something wrong with the configuration ISE side though... Smiley Sad

Maybe there's some extended documentation on the CheckPoint-ISE integration? Smiley Happy

Ole_Jakobsen
Contributor
‎2019-02-05 03:57 AM

Hi Tomer,

Do I understand this correct if I say the the Data Center object is used to retrive SGT's from ISE and Identity Collector is used for population the SGT's on Check Point?

elie
Explorer
‎2019-11-23 11:21 PM

Hi
Just to be sure the feature is indeed working on R80.10 Gateways?
Thanks
0 Kudos
Jelle_Hazenberg
Collaborator
‎2020-01-24 07:56 AM
In response to elie

@elie wrote:
Hi
Just to be sure the feature is indeed working on R80.10 Gateways?
Thanks


This feature is available for R80.10 Gateways and above.

Mikael
Contributor
‎2021-12-14 01:20 PM

Old thread but I'm taking my chances...

Looking at this and reading the SmartConsole R81 Help I struggle to figure out how to use this through the IA API.

According to the SmartConsole R81 Help I should be able to define "A custom tag (defined on a third party product) acquired through the Check Point Identity Web API." but when I look at the IA API I find no reference to a tag...

How do I add an IP-address through the IA API that match my defined tag?

 

Cheers