Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2539
Views
10
Helpful
3
Replies

Adding 3rd party firewall to ISE using RADIUS.

Go to solution
JohnNetEng
Level 1
Level 1

‎09-06-2018 04:58 PM

I'm having trouble adding a Checkpoint firewall to ISE 2.4. I've been following a blog where the author claims to have successfully added it to ISE 2.1, (here http://mdtnets.blogspot.com/2016/07/checkpoint-gaia-radius-authentication.html).

 

In the part where he gets to "Authentication Policy" I assume it's been replaced by Policy Sets. Running into trouble setting up the conditional "If DEVICE:Device Type Equals Device Type#All Device Types#Checkpoint"

 

I can do the"if DEVICE:Device Type Equals: All Device Types" but am not given an option for any other parameters. Am I missing something here?

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
paul
Level 10
Level 10

‎09-06-2018 05:06 PM

You define your network device groups (NDGs) on the Administration->Network Resources->Network Device Groups screen.  Under the Device Type NDG you add a new entry called "Checkpoint".  Then you have to add the Checkpoints into ISE as Network Devices (Administration->Network Resources->Network Devices).  You assign them to the correct NDG Device Type, enter their name, IP and RADIUS shared secret.  Now you are setup.  

 

You can build a policy set whose admission criteria is Device Type = Checkpoint and build the rules you want.

View solution in original post

Go to solution
Cory Peterson
Level 5
Level 5

‎09-06-2018 05:08 PM

You need to add the device group yourself:

Screenshot_1.pngScreenshot_2.png

 

Then add the Device to the group:

Screenshot_3.png

 

 

View solution in original post

3 Replies 3

Go to solution
paul
Level 10
Level 10

‎09-06-2018 05:06 PM

You define your network device groups (NDGs) on the Administration->Network Resources->Network Device Groups screen.  Under the Device Type NDG you add a new entry called "Checkpoint".  Then you have to add the Checkpoints into ISE as Network Devices (Administration->Network Resources->Network Devices).  You assign them to the correct NDG Device Type, enter their name, IP and RADIUS shared secret.  Now you are setup.  

 

You can build a policy set whose admission criteria is Device Type = Checkpoint and build the rules you want.

Go to solution
Cory Peterson
Level 5
Level 5

‎09-06-2018 05:08 PM

You need to add the device group yourself:

Screenshot_1.pngScreenshot_2.png

 

Then add the Device to the group:

Screenshot_3.png

 

 

Go to solution
JohnNetEng
Level 1
Level 1
In response to Cory Peterson

‎09-07-2018 02:32 PM

Thanks a lot. This worked.

0 Helpful
Customers Also Viewed These Support Documents