
Check Point Identity Collector integration with Cisco ISE 2.4 PxGrid

NaveenG_Wi-Fi
Level 1

Hi,

 

I have a distributed ISE deployment with 2 PAN (PxGrid enabled) nodes, 2 MNT and 5 PSNs. I have integrated Check Point Identity Collector with ISE PxGrid Node. While integrating I exported Internal CA certificate from 'Primary PxGrid Node' which was used along with Root Certificate (domain) to generate 'Server certificate' in .jks format.

 

My concern is, what if the 'Primary PxGrid Node' breaks? Will the Identity Collector still be able to communicate with the 'Secondary PxGrid Node'? Note that I used the internal CA cert of the Primary PxGrid Node to generate the Server Certificate which was used while integrating Check Point Identity Collector.

 

Thanks!

N

3 Replies

Ruben Cocheno
Spotlight

@NaveenG_Wi-Fi the PxGrid service is a bit of a mystery between Primary/Secondary, but I assure you that it works rock solid. I've done that integration not long ago.

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/

Peter Koltl
Level 7

My practice is to create a single universal certificate for all nodes in the Internal CA. All node FQDNs should be included as Subject Alternative Name in the certificate.

Hi @Peter Koltl @Ruben Cocheno,

I know it's too late to post back.

Yes, I had to create a common certificate for all nodes. The Check Point IDC connection with the ISE PxGrid server remained intact when the PxGrid nodes failed over. Thank you!

 

Regards,

Naveen
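
Added example (not part of the thread, and not Cisco or Check Point code): a pre-failover check for the common-certificate approach described in the replies, listing any pxGrid node FQDN that is missing from a certificate's Subject Alternative Name. The hostnames, function names and the throwaway self-signed certificate are constructed for illustration; it assumes the `openssl` CLI is installed and the certificate has been exported as PEM.

```shell
#!/bin/sh
# Added example: list pxGrid node FQDNs that a certificate's SAN does not cover.
# All hostnames are constructed placeholders; requires the openssl CLI.

# Print the DNS SAN entries of a PEM certificate, one per line, lowercased.
san_dns_names() {
  openssl x509 -in "$1" -noout -text \
    | grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2 | tr 'A-Z' 'a-z'
}

# missing_sans CERT FQDN...: print every FQDN with no exact SAN entry.
# Wildcard entries are deliberately not counted as covering a node, so the
# check stays strict about "all node FQDNs listed".
missing_sans() {
  local cert="$1" sans fqdn; shift
  sans=$(san_dns_names "$cert")
  for fqdn in "$@"; do
    fqdn=$(printf '%s' "$fqdn" | tr 'A-Z' 'a-z')
    if ! printf '%s\n' "$sans" | grep -qxF -- "$fqdn"; then
      printf '%s\n' "$fqdn"
    fi
  done
}

# make_demo_cert OUT NAME...: throwaway self-signed cert with the given DNS SANs.
make_demo_cert() {
  local out="$1" dir n san=""; shift
  for n in "$@"; do san="${san:+$san,}DNS:$n"; done
  dir=$(mktemp -d)
  printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = ext' \
    'prompt = no' '[dn]' 'CN = pxgrid-demo' '[ext]' \
    "subjectAltName = $san" > "$dir/req.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/req.cnf" \
    -keyout "$dir/key.pem" -out "$out" 2>/dev/null
  rm -rf "$dir"
}

# Demo: a certificate issued for the primary node only fails the check for
# the secondary, which is the failover concern raised in the question.
demo_cert=$(mktemp)
make_demo_cert "$demo_cert" ise-pxg1.example.test
echo "Missing from SAN:"
missing_sans "$demo_cert" ise-pxg1.example.test ise-pxg2.example.test
rm -f "$demo_cert"
```

Empty output from `missing_sans` means every listed node name appears in the certificate.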