cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Register for SecureX webinars to learn about our newest integrations and features.

2199
Views
5
Helpful
3
Replies
NaveenG_Wi-Fi
Beginner

Check Point Identity Collector integration with Cisco ISE 2.4 PxGrid

Hi,

 

I have a distributed ISE deployment with 2 PAN (PxGrid enabled) nodes, 2 MNT and 5 PSNs. I have integrated Check Point Identity Collector with ISE PxGrid Node. While integrating I exported Internal CA certificate from 'Primary PxGrid Node' which was used along with Root Certificate (domain) to generate 'Server certificate' in .jks format.

 

  My concern is, what if the 'Primary PxGrd Node' breaks ?  Will the Identity Collector still be ale to communicate with 'Secondary PxGrid Node'? Note that I used internal CA cert of Primary PxGrid Node to generate Server Certificate which was used while integrating Check Point Identity Collector.

 

Thanks!

N

3 REPLIES 3
Ruben Cocheno
Enthusiast

@NaveenG_Wi-Fi  the Pxgrid service is a bit of a mistery between Primary/Secondary, but i assure you that works rock solid. I've done that integration not long ago.

Please mark it helpfull if it was the case, and i have this problem too. Double touchdown is amazing. Thanks to make Engineering easy.
Peter Koltl
Rising star

My practice is to create a single universal certificate for all nodes in the Internal CA. All node FQDNs should be included as Subject Alternative Name in the certificate.

Hi @Peter Koltl @Ruben Cocheno,

I know it's too late to post back

Yes, I had to create a common certificate for all nodes. The checkpoint IDC connection with ISE PxGrid server remained intact when the PxGrid nodes failed over. Thank you !

 

Regards,

Naveen

Create
Recognize Your Peers
Content for Community-Ad
Additional Cisco Threat Response Resources


August's Community Spotlight Awards