Scott_Bily
Participant

Cisco ISE integration with Identity Awareness

Has anybody gotten Cisco ISE pxGrid integration working with Identity Collector? And how (or can) identity-based rules be used if identities are learned from ISE (via Identity Collector)? Currently all of our identity-based rules are based on Active Directory group memberships. Most of our LAN users would be authenticated via AD. And when the Identity Collector learns those event logs, it seems to pass the user's groups as well.

But as far as I can tell, I will only be getting a user's login ID and IP address from ISE. So I'm guessing none of my existing identity rules would work for users being authenticated via ISE? I'm just wondering if anybody else has encountered this and what they had to do.

We are using ISE for network device with, but also for Wifi user authentication, and potentially VPN. Which are users who may potentially need identity-based access thru our Checkpoint firewalls.

 

Thanks in advance for any feedback

0 Kudos
2 Replies
Danny
Champion

Sorin_Gogean
Advisor

Hello Scott,
We followed this document when we first set up and tested the ISE & Checkpoint Identity Collector.
In ISE you have to set SGTs to different policies where you map your users or machines and authorize them, and based on those SGTs, you can address them in your CKP GW policies/rules.
(https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/general-topics/10644/1/Check%20Po...

Have a nice week,

0 Kudos