This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tomer_Sole
Employee Alumnus
Employee Alumnus
‎2018-08-08 11:59 PM

How to use Identity Awareness Tags in R80.20.M1

This feature is available for R80.10 Gateways and above.

The new Identity Tag object gives you tag-based identification in your Access Control Policy.

Supported tag sources:

  • Cisco ISE Security Groups
  • Check Point Identity Awareness Portal and API

Step 1: Create a new Identity Tag in SmartConsole

Step 2: Create an Access Role object and select this Identity Tag

Step 3: Use this Access Role object in your Access Control Policy.

Step 4: Publish your changes, and Install Policy.


Tell us what you think about this new feature in the comments below.

Labels
12 Replies
Kaspars_Zibarts
Employee
Employee
‎2018-08-09 12:45 AM

Wow cool! When's this going to be available for chassis? 

0 Kudos
Tomer_Sole
Employee Alumnus
Employee Alumnus
‎2018-08-09 01:02 AM
In response to Kaspars_Zibarts

Sorry can you elaborate on that? Is this something Management Server tag orchestration can solve?

0 Kudos
Kaspars_Zibarts
Employee
Employee
‎2018-08-09 01:07 AM
In response to Tomer_Sole

Not exactly but thanks anyways Tomer! We are eagerly awaiting for R80 on chassis so that might resolve quite a few challenges Smiley Happy

0 Kudos
Maor_Elharar
Employee
Employee
‎2018-08-16 06:28 AM
In response to Kaspars_Zibarts

Hi Kaspars,

We can offer you to join our R80.20SP EA (R80.20 for Scalable Platform) program.

If you are interested, please contact me to discuss the details.

maor@checkpoint.com

Bob_Bent
Mod
Mod
‎2018-08-09 09:26 AM

Nice post, if users want a deeper view of our integration with Cisco ISE, see this tech brief on Check Point and Cisco Context Aware Security.

Miroslaw_Kozmic
Participant
‎2018-09-18 02:32 PM

Hi Tomer,

Is any additional configuration required on GW/MGMT/Identity Collector for the SGT-to-IP mapping to show up in pdp database? I'm having a little trouble with this scenario... I managed to connect ISE to Identity Collector and I'm receiving AD User to IP mapping but SGT-to-IP just doesn't seem to work for me. Maybe there's something wrong with the configuration ISE side though... Smiley Sad

Maybe there's some extended documentation on the CheckPoint-ISE integration? Smiley Happy

Ole_Jakobsen
Contributor
‎2019-02-05 03:57 AM

Hi Tomer,

Do I understand this correct if I say the the Data Center object is used to retrive SGT's from ISE and Identity Collector is used for population the SGT's on Check Point?

elie
Explorer
‎2019-11-23 11:21 PM

Hi
Just to be sure the feature is indeed working on R80.10 Gateways?
Thanks
0 Kudos
Jelle_Hazenberg
Collaborator
‎2020-01-24 07:56 AM
In response to elie

@elie wrote:
Hi
Just to be sure the feature is indeed working on R80.10 Gateways?
Thanks


This feature is available for R80.10 Gateways and above.

Mikael
Collaborator
‎2021-12-14 01:20 PM

Old thread but I'm taking my chances...

Looking at this and reading the SmartConsole R81 Help I struggle to figure out how to use this through the IA API.

According to the SmartConsole R81 Help I should be able to define "A custom tag (defined on a third party product) acquired through the Check Point Identity Web API." but when I look at the IA API I find no reference to a tag...

How do I add an IP-address through the IA API that match my defined tag?

 

Cheers 

dmartinez
Explorer
‎2023-05-25 01:47 AM

Hello!

 

I am working in the integration of a third party (Clearpass) via IA API, and I cannot find the way of creating the tag in the Clearpass side. I have been searching in the IA API guide but I have not found any references to create this tags that will be sent to Check Point to match Check Point tags.

 

Any ideas? Would any attribute sent via api match with the Identity Tag if the string matches?

 

Thanks!

CCSE / CCTE
0 Kudos
Kirupa_Shankar_
Explorer
11 hours ago

How do i list all the populated identities on the tag ? any commands that can help ?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events