This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Scott_Bily
Participant
‎2022-03-25 03:27 PM

Cisco ISE integration with Identity Awareness

Has anybody gotten Cisco ISE pxGrid integration working with Identity Collector?   And how(or can)identity based rules be used if identities are learned from ISE(via Identity Collector).    Currently all of our identity based rules are based on Active directory group memberships.  Most of our LAN users would be authenticated via AD.  And when the Identity Collect learns those event logs it seems to pass the users groups as well.    

But As far as I can tell I will only be getting a users login id and IP address from ISE.   So I’m guessing non of my existing Identity rules would work for users being authenticated via ISE?     I’m just wondering if anybody else has encountered this and what they had to do.

we are using ISE for network device with,  but also for Wifi user authentication, and potentially VPN. Which are user who may potentially need identity based access thru our Checkpoint firewalls.

 

Thanks in advance for any feedback

0 Kudos
2 Replies
Danny
Champion
Champion
‎2022-03-25 03:49 PM

sk118652 - Troubleshooting issues between Check Point Identity Collector and Cisco ISE Server

Sorin_Gogean
Advisor
‎2022-04-13 11:01 PM

Hello Scott,
We followed this document when we first set-up and tested the ISE & Checkpoint Identity Collector . 
In ISE you have to set SGT's to different policies where you map your users or machines and authorize them, and based on those SGT's, you can address them in your CKP GW policies/rules. 
(https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/general-topics/10644/1/Check%20Po...

Have a nice week,

0 Kudos