07-29-2020 02:41 AM
Hi,
I have a distributed ISE deployment with 2 PAN (PxGrid enabled) nodes, 2 MNT and 5 PSNs. I have integrated Check Point Identity Collector with the ISE PxGrid Node. While integrating, I exported the Internal CA certificate from the 'Primary PxGrid Node', which was used along with the Root Certificate (domain) to generate the 'Server certificate' in .jks format.
My concern is, what if the 'Primary PxGrid Node' breaks? Will the Identity Collector still be able to communicate with the 'Secondary PxGrid Node'? Note that I used the internal CA cert of the Primary PxGrid Node to generate the Server Certificate which was used while integrating Check Point Identity Collector.
Thanks!
N
09-08-2020 04:28 PM
@NaveenG_Wi-Fi the Pxgrid service is a bit of a mystery between Primary/Secondary, but I assure you that it works rock solid. I've done that integration not long ago.
12-19-2020 01:46 PM
My practice is to create a single universal certificate for all nodes in the Internal CA. All node FQDNs should be included as Subject Alternative Name in the certificate.
12-19-2020 03:58 PM
Hi @Peter Koltl @Ruben Cocheno,
I know it's too late to post back.
Yes, I had to create a common certificate for all nodes. The Check Point IDC connection with the ISE PxGrid server remained intact when the PxGrid nodes failed over. Thank you!
Regards,
Naveen
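The shared-certificate approach in the replies above depends on every pxGrid node FQDN being present as a Subject Alternative Name, which can be checked before a failover test. The following is an added example, not part of the original thread and not Cisco or Check Point tooling; it takes the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the node FQDNs and certificate contents are constructed.

```python
# Added example: node names and certificate dicts are constructed sample data.

def _matches(san: str, fqdn: str) -> bool:
    """Case-insensitive DNS match; '*' counts only as the whole left-most label."""
    san, fqdn = san.lower().rstrip("."), fqdn.lower().rstrip(".")
    if san == fqdn:
        return True
    if san.startswith("*."):
        # A wildcard covers exactly one label: *.example.test matches
        # a.example.test, but not a.b.example.test or example.test itself.
        head, _, rest = fqdn.partition(".")
        return bool(head) and rest == san[2:]
    return False


def uncovered_nodes(cert: dict, node_fqdns: list) -> list:
    """Return the node FQDNs that no DNS subjectAltName entry in cert covers."""
    dns_sans = [value for kind, value in cert.get("subjectAltName", ())
                if kind == "DNS"]
    return [n for n in node_fqdns
            if not any(_matches(s, n) for s in dns_sans)]


# Constructed: FQDNs of the two pxGrid-enabled nodes (hypothetical names).
PXGRID_NODES = ["ise-pan1.example.test", "ise-pan2.example.test"]

# Constructed: certificate that names only the primary node.
PRIMARY_ONLY = {"subjectAltName": (("DNS", "ise-pan1.example.test"),)}

# Constructed: one certificate carrying every node FQDN as a SAN.
SHARED = {"subjectAltName": (("DNS", "ISE-PAN1.example.test"),
                             ("DNS", "ise-pan2.example.test"),
                             ("IP Address", "192.0.2.10"))}

if __name__ == "__main__":
    for label, cert in (("primary-only", PRIMARY_ONLY), ("shared", SHARED)):
        missing = uncovered_nodes(cert, PXGRID_NODES)
        print(f"{label}: nodes not covered by SAN -> {missing or 'none'}")
```

An empty result means the certificate names every node, so a client that validates the server name will accept whichever pxGrid node is active after failover.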